Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-14794

Information leak: Project Custom Field Type links to browse project regardless of user permission

    XMLWordPrintable

Details

    Description

      Although the browse project page will not be displayed without sufficient permission, in other areas of JIRA, the existence of a project is hidden unless the user has no permission to see it.

      The project cf type should not show the project at all if the user doesn't have permission to see it.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-14867 Project CF value can be lost if user doesnt have permission to browse the selected project and they attempt to edit the issue

          • Medium - Medium priority issues
          • Closed
          relates to

          Suggestion - JRASERVER-9051 Change History shows links when main issue view doesn't

          • Closed

          Activity

            People

              mtokar Michael Tokar
              chris@atlassian.com Chris Mountford
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2.5h
                  2.5h