Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 6.15.2
Affects Version/s: 5.1.2x
Component/s: Apps - Team Calendar
Labels:

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The event of calendar creation is viewable at Activity even by users who are restricted. Hence, users have to be careful not to describe sensitive information on the name of calendars.

This is how I reproduced:

Install Confluence 5.6.6
Install Team Calendar 5.1.21 addon
Create two confluence-users - user1 and user2
Login as user1 and:
1. create a calendar - "User1's Calendar"
2. Give viewing restrict only to user1
Login as user2 and:
1. Go to People Directory and choose user1
2. user2 can see the activity that "User1's Calendar" was created though user2 cannot view the calendar (See also the attached ActivityStream.jpg)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

ActivityStream.jpg
252 kB
30/Jan/2015 4:58 AM

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Duy Truong Luong

Reporter:: Mai Nakagawa (Inactive)

Votes:: 13 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 30/Jan/2015 4:58 AM

Updated:: 10/Apr/2019 1:35 AM

Resolved:: 10/Apr/2019 1:35 AM