Details
-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
6.0.8, 6.2
-
None
-
6
-
Description
Even if a user is restricted to only one project
It is possible to gain access to issue description and other data by using the activity stream gadget.
see attached screenshoot,
url /browse/?jql= is conforming to security level by only showing issue in the demo project
gadget Activity Stream do not conforme to security level and show full description and comment from other project
Attachments
Issue Links
- duplicates
-
JRASERVER-34022 Restricted Work Log entries show in the Activity Stream in JIRA Server
- Gathering Impact
-
RAID-481 Loading...