Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-43750

Limit @ mention list to authorized users

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Low
    • None
    • None

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      It looks like the update behavior is that only licensed users will be listed with the mention, but this doesn't take the limit far enough. Users who don't have permissions to a project shouldn't be available for mentions in the context of that project. For us this is a security issue, for most, this is still bad UI. It'll only create confusion and concern from a security perspective (The inevitable question will be does this person have access to our project? Why do they show up here?). This also creates the possibility of leaking sensitive client information. We're a hosting multiple clients with this application and it would allow them to search for each other, which is a problem for us.

      Attachments

        Issue Links

          is cloned from

          Suggestion - BSERV-7242 Limit @ mention list to authorized users

          • Gathering Interest
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-43750 Limit @ mention list to authorized users

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              0c0d789c8fe8 SanderZ
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: