Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-36141

"Current Assignee" on Browse Permission creates security hole

    XMLWordPrintable

Details

    Description

      Adding "Current Assignee" to the Browse permission for a project lets any user of the system see that project (they can't necessarily view issues or create issues, but they can see the project).

      Attachments

        Issue Links

          is cloned from

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-8950 "Current Assignee" on Browse Permission creates security hole

          • High - High priority issues
          • Closed

          Activity

            People

              mark@atlassian.com MarkC
              theidenreich Thomas Heidenreich (//S)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 7h
                  7h
                  Remaining:
                  Remaining Estimate - 7h
                  7h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified