Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-22170

Attach Screenshot page not protected by permission

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      You can navigate directly to the attach screenshot page and even if you son't have permission you can view the page.

      you can't attach a screenshot, but you can see the page. There is no information leak.

      You can also specify an invalid issue id.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-21878 Screenshot applet is still accessible from view issue after session timeout.

          • Low - Low priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRACLOUD-22170 Attach Screenshot page not protected by permission

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              nick.menere Nick Menere [Atlassian] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: