Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-36236

Workbox (Notifications and Tasks) leaks restricted information from a jira issue

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 6.2-OD-7, 6.2
    • 5.1.1
    • None
      • Confluence 5.1.1
      • Atlassian JIRA (v5.2.10#853-sha1:c0ba268)
      • Atlassian Crowd Version: 2.6.1 (Build:#603 - 18-03-2013)

      User management: Crowd, backed by LDAP

    Description

      If a confluence instance is configured to pull notifications from a JIRA server then if a user 'B' (not in group 'A') watches an issue and a comment is added to the issue restricted to group 'A' then user 'B' is able to see the contents of the restricted comment via the "Notifications and Tasks" drawer in confluence.

      Attachments

        Activity

          People

            psemeniuk Petro Semeniuk (Inactive)
            ed6341e5456f Thomas Kruse
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: