-
Bug
-
Resolution: Won't Fix
-
Medium (View bug fix roadmap)
-
None
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
By updating the security level over SOAP API, it is possible to set the value to an non-existing value or minimum not existing in the Security Scheme of the project.
Because of no validation the security level of the issue is set on a value at which either the soap user or anyone else has access to the issue after this update.
There should be an exception, if the security value is not valid for the security scheme of the project.
Maybe an excteption too, if the user is not a member of security level to be switched to.
This affects soap api of JIRA Enterprise Edition, Version: 3.9.1-#234 (updateIssue)
- relates to
-
-
- Closed
-
no validation for security level as valid option of security sheme - SOAP API
-
-
Resolution: Won't Fix
-
Medium
-
None
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
By updating the security level over SOAP API, it is possible to set the value to an non-existing value or minimum not existing in the Security Scheme of the project.
Because of no validation the security level of the issue is set on a value at which either the soap user or anyone else has access to the issue after this update.
There should be an exception, if the security value is not valid for the security scheme of the project.
Maybe an excteption too, if the user is not a member of security level to be switched to.
This affects soap api of JIRA Enterprise Edition, Version: 3.9.1-#234 (updateIssue)
- relates to
-
-
- Closed
-
-
Unassigned
-
Jan-Philipp Jourdan
- Votes:
-
1 Vote for this issue
- Watchers:
-
2 Start watching this issue
- Created:
- Updated:
- Resolved: