Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-34035

Anonymous users can access popular filters w/out permission

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Low Low
    • None
    • None

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      A customer mentioned this issue at OSCON and we were partially able to reproduce it. Users cannot see the issues themselves (in this example) but can view the filter name, owner, and popularity. Without logging in a subset of our filters are visible here: <base url>/secure/ManageFilters.jspa#filterView=popular

      Our permissions do not allow any anonymous access to the projects mentioned in these filters. The filters are shared with everyone. If this is not a bug can you please describe the functionality of anonymous access to filters so that we can configure JIRA correctly to prevent this data leakage. (It appears that filters shared with Everyone can be seen anonymously even if the issues contained within cannot.)

              Unassigned Unassigned
              b043998941a9 Pepe
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: