Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Low
Fix Version/s: None
Affects Version/s: 6.0.8, 6.2
Component/s: None
Labels:
- affects-server

Introduced in Version:
6
Bug Fix Policy:
View Atlassian Server bug fix policy

Even if a user is restricted to only one project

It is possible to gain access to issue description and other data by using the activity stream gadget.

see attached screenshoot,

url /browse/?jql= is conforming to security level by only showing issue in the demo project

gadget Activity Stream do not conforme to security level and show full description and comment from other project

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

3.png
281 kB
05/Mar/2014 4:43 AM
2.png
103 kB
05/Mar/2014 4:38 AM
1.png
68 kB
05/Mar/2014 4:36 AM

duplicates

JRASERVER-34022 Restricted Work Log entries show in the Activity Stream in JIRA Server

Gathering Impact

RAID-481 Loading...

Assignee:: Unassigned

Reporter:: &(*&)#)_*#@@(*)(@*)(*@

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 05/Mar/2014 4:34 AM

Updated:: 28/Mar/2019 12:13 AM

Resolved:: 10/Mar/2014 3:37 AM