Confluence Data Center / CONFSERVER-52666

User Receives Email Notification Even Though User No Longer Has View Page Permission

      Steps to reproduce:

      1. Create a new space, e.g. SpaceA
      2. Create a new user, e.g. johndoe
      3. Create a new page in SpaceA, e.g. Test Page1
      4. Log in as johndoe and watch the page in SpaceA
      5. Log in as administrator and remove johndoe or his group from being able to view the page
      6. Edit the page that johndoe has watched
      7. Immediately add johndoe and his group to be able to view the page again

       

      Expected Result

      johndoe will not receive the notification while he does not have view access to the page

       

      Actual Result

      johndoe will receive the notification when he does not have view access to the page.

       

      Observation Notes:

      The notification seems to be sent out if the permission/restriction was added within the length of the Send Batch Notification interval. To clarify further: if Send Batch Notification is set to 10 minutes and the user is able to view the page within 10 minutes after the page modification, the user will receive the email notification. For example:

      1. Create a new space, e.g. SpaceA
      2. Create a new user, e.g. johndoe
      3. Create a new page in SpaceA, e.g. Test Page1
      4. Log in as johndoe and watch the page in SpaceA
      5. Log in as administrator and remove johndoe or his group from being able to view the page
      6. Edit the page that johndoe has watched
      7. More than 11 minutes after the page was modified, add johndoe and his group to be able to view the page again
      8. johndoe will then not receive the notification
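
A minimal model of the timing in the observation notes, added here as an illustration and not Confluence's own code: it assumes the batch job evaluates view permission only when the batch is sent, and compares that with a check at both edit time and send time as one possible mitigation. The class and function names and the minute offsets (other than the 10-minute interval and 11-minute delay from the report) are constructed for the example.

```python
from bisect import bisect_right


class ViewAcl:
    """One user's view permission on one page, stored as (minute, allowed) changes."""

    def __init__(self, initially_allowed):
        self.times, self.states = [0], [initially_allowed]

    def set(self, minute, allowed):
        # Changes must be recorded in chronological order.
        self.times.append(minute)
        self.states.append(allowed)

    def can_view(self, minute):
        # State set by the latest change at or before `minute`.
        return self.states[bisect_right(self.times, minute) - 1]


def should_notify(acl, edit_minute, batch_minutes, check_at_edit):
    """Decide whether a watcher is mailed about an edit when the batch is sent."""
    send_minute = edit_minute + batch_minutes
    allowed_at_send = acl.can_view(send_minute)
    if not check_at_edit:
        # Assumed behaviour matching the report: only the send-time state counts.
        return allowed_at_send
    # Mitigation sketch: the watcher must also have had access when the edit happened.
    return acl.can_view(edit_minute) and allowed_at_send


def scenario(restore_delay):
    """Constructed timeline: view removed at minute 5, page edited at minute 6,
    view restored `restore_delay` minutes after the edit."""
    acl = ViewAcl(True)
    acl.set(5, False)
    acl.set(6 + restore_delay, True)
    return acl


if __name__ == "__main__":
    for delay in (1, 11):
        acl = scenario(delay)
        print(f"restore after {delay:2d} min:",
              "send-time check only ->", should_notify(acl, 6, 10, False),
              "| edit+send check ->", should_notify(acl, 6, 10, True))
```

With the send-time-only check, restoring access 1 minute after the edit leaks the notification while restoring after 11 minutes does not, which matches both step lists above; the combined check suppresses the mail in both cases.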

       

            sw5771.park added a comment:

            Hello, this is Sangwoo.

            1. Is this solved?

                If not, when?

            2. "This is an independent assessment and you should evaluate its applicability to your own IT environment."

               ->
                What does this mean? Can you explain more easily?

            Thank you.

            Tanvir Ahmed added a comment:

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 3.5 => Low severity

            Exploitability Metrics

            Attack Vector: Network
            Attack Complexity: Low
            Privileges Required: Low
            User Interaction: Required

            Scope Metric

            Scope: Unchanged

            Impact Metrics

            Confidentiality: Low
            Integrity: None
            Availability: None

            See http://go.atlassian.com/cvss for more details.

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

              Unassigned Unassigned
              jalbion Janet Albion (Inactive)