  1. Jira Cloud
  2. JRACLOUD-34035

Anonymous users can access popular filters w/out permission

Details

    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • None

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      A customer mentioned this issue at OSCON and we were partially able to reproduce it. Users cannot see the issues themselves (in this example) but can view the filter name, owner, and popularity. Without logging in, a subset of our filters are visible here: <base url>/secure/ManageFilters.jspa#filterView=popular

      Our permissions do not allow any anonymous access to the projects mentioned in these filters. The filters are shared with everyone. If this is not a bug, can you please describe the functionality of anonymous access to filters so that we can configure JIRA correctly to prevent this data leakage? (It appears that filters shared with Everyone can be seen anonymously even if the issues contained within cannot.)

            People

              Unassigned
              b043998941a9 Pepe