  1. Jira Data Center
  2. JRASERVER-37341

Activity stream can show more data than expected


Details

    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • 6.0.8, 6.2
    • None

    Description

      Even if a user is restricted to only one project, it is possible to gain access to issue description and other data by using the activity stream gadget.

      See attached screenshot.

      The URL /browse/?jql= conforms to the security level by only showing issues in the demo project.

      The Activity Stream gadget does not conform to the security level and shows the full description and comments from other projects.

      Attachments

        1. 1.png
          68 kB
        2. 2.png
          103 kB
        3. 3.png
          281 kB

            People

              Unassigned
              95743e14b341
              Votes: 0
              Watchers: 3
