-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
None
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
A customer mentioned this issue at OSCON and we were partially able to reproduce it. Users cannot see the issues themselves (in this example) but can view the filter name, owner, and popularity. Without logging in a subset of our filters are visible here: <base url>/secure/ManageFilters.jspa#filterView=popular
Our permissions do not allow any anonymous access to the projects mentioned in these filters. The filters are shared with everyone. If this is not a bug can you please describe the functionality of anonymous access to filters so that we can configure JIRA correctly to prevent this data leakage. (It appears that filters shared with Everyone can be seen anonymously even if the issues contained within cannot.)
- duplicates
-
JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'
- Closed
- relates to
-
JRACLOUD-34035 Anonymous users can access popular filters w/out permission
- Closed