Unauthorized access to issues possible!


    • 2.06

      I have added a new user to our Jira system as a member of the group X. An e-mail was sent with the URL of the login and the password.

      Our customer clicked the URL in the e-mail. A list of issues from a project P was shown WITHOUT ANY LOGIN! The project P has no relation to the group X, so even after a correct login the user should not be able to see issues from this project.

      The list of issues was not a regular search result. The displayed (broken) page started with the lines
      =============
      "value="">
      ">
      ">
      " tabindex=4>
      =============
      followed by a list of issues of the project P.

      Assignee: Unassigned
      Reporter: Jan-Peter Wilhelms