Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-67576

@Mention emails sent to Customer users

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not a bug
    • Low
    • None
    • 7.10.0
    • Email notifications
    • None

    Description

      Summary

      • Customer users are sent @mention emails even though they should not have access to the project. This may give them access to information that they should not have.

      Steps to Reproduce

      1. Create a user without application access
      2. Mention the user in a comment

      Expected Results

      • Since the user does not have access they should not receive an email.

      Actual Results

      • The user receives the email (as a Mentioned you notification) with details of the comment.

      Workarounds

      • Do not mention the user if you do not wish for them to receive an email.
      • Change the Project Permission "Browse projects" to not include "Any user logged in" and instead use roles, groups or users with specific application access.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-23902 Don't show users in user picker which are *not* in jira-users group

          • Low - Low priority issues
          • Needs Triage
          links to

          Web Link Bugcrowd (bug bounty) report

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              khannon Keri Duthie (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: