Details
-
Bug
-
Resolution: Duplicate
-
Medium
-
None
-
None
Description
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
You can navigate directly to the attach screenshot page and even if you son't have permission you can view the page.
you can't attach a screenshot, but you can see the page. There is no information leak.
You can also specify an invalid issue id.
Attachments
Issue Links
- duplicates
-
JRASERVER-21878 Screenshot applet is still accessible from view issue after session timeout.
- Closed
- relates to
-
JRACLOUD-22170 Attach Screenshot page not protected by permission
- Closed