Workbox (Notifications and Tasks) leaks restricted information from a jira issue

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 6.2-OD-7, 6.2
    • Affects Version/s: 5.1.1
    • Component/s: None
    • Environment:
      • Confluence 5.1.1
      • Atlassian JIRA (v5.2.10#853-sha1:c0ba268)
      • Atlassian Crowd Version: 2.6.1 (Build:#603 - 18-03-2013)

      User management: Crowd, backed by LDAP

    • 5.01
    • 3.5

      If a confluence instance is configured to pull notifications from a JIRA server then if a user 'B' (not in group 'A') watches an issue and a comment is added to the issue restricted to group 'A' then user 'B' is able to see the contents of the restricted comment via the "Notifications and Tasks" drawer in confluence.

              Assignee:
              Petro Semeniuk (Inactive)
              Reporter:
              Thomas Kruse
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: