Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-8950

"Current Assignee" on Browse Permission creates security hole

    XMLWordPrintable

Details

    Description

      Adding "Current Assignee" to the Browse permission for a project lets any user of the system see that project (they can't necessarily view issues or create issues, but they can see the project).

      Attachments

        Issue Links

          Activity

            People

              mark@atlassian.com MarkC
              f2dc2c6450e1 Erik S
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 7h
                  7h
                  Remaining:
                  Time Spent - 2h Remaining Estimate - 5h
                  5h
                  Logged:
                  Time Spent - 2h Remaining Estimate - 5h
                  2h