-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
6.0.8, 6.2
-
None
-
6
-
Even if a user is restricted to only one project
It is possible to gain access to issue description and other data by using the activity stream gadget.
see attached screenshoot,
url /browse/?jql= is conforming to security level by only showing issue in the demo project
gadget Activity Stream do not conforme to security level and show full description and comment from other project
- duplicates
-
JRASERVER-34022 Restricted Work Log entries show in the Activity Stream in JIRA Server
- Gathering Impact
-
RAID-481 Loading...