Loading...

XML

Word

Printable

Type: Bug
Resolution: Obsolete
Priority: Medium
Fix Version/s: None
Affects Version/s: 5.4.3
Component/s: None
Labels:
Environment:

Standalone, Windows 2008, PostgreSQL 9

CVSS Score:
4

If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment.

This is a significant permissions/security hole in linked JIRA/Confluence environments.

is related to

JRASERVER-36766 JIRA sends in-app notifications to Confluence for restricted comments

Closed

relates to

JRASERVER-29354 Mention notifications do not respect the "Viewable by" security level restriction set on a comment

Closed

Assignee:: David Rizzuto (Inactive)
Reporter:: Nate Homitsky
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 20/Feb/2014 4:09 PM
Updated:: 05/Dec/2019 1:35 AM
Resolved:: 10/Mar/2015 1:18 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates