Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
None
-
5.4.3
-
None
-
Standalone, Windows 2008, PostgreSQL 9
-
4
-
Description
If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment.
This is a significant permissions/security hole in linked JIRA/Confluence environments.
Attachments
Issue Links
- is related to
-
JRASERVER-36766 JIRA sends in-app notifications to Confluence for restricted comments
- Closed
- relates to
-
JRASERVER-29354 Mention notifications do not respect the "Viewable by" security level restriction set on a comment
- Closed