Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-37341

Activity stream can show more data than expected

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Low Low
    • None
    • 6.0.8, 6.2
    • None

      Even if a user is restricted to only one project

      It is possible to gain access to issue description and other data by using the activity stream gadget.

      see attached screenshoot,

      url /browse/?jql= is conforming to security level by only showing issue in the demo project

      gadget Activity Stream do not conforme to security level and show full description and comment from other project

        1. 3.png
          3.png
          281 kB
        2. 2.png
          2.png
          103 kB
        3. 1.png
          1.png
          68 kB

            Unassigned Unassigned
            95743e14b341 &(*&)#)_*#@@(*)(@*)(*@
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: