Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.5
Affects Version/s: 3.4.2
Component/s: Project Administration - Permissions
Labels:
- affects-server

Introduced in Version:
3.04
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Adding "Current Assignee" to the Browse permission for a project lets any user of the system see that project (they can't necessarily view issues or create issues, but they can see the project).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

CurrentAssigneeHasAssignablePermission.class
3 kB
09/Jan/2006 10:59 PM

Issue Links

duplicates

JRASERVER-11881 Setting Browse Projects to anything but a group makes projects visible to jira-users

Closed

is duplicated by

JRASERVER-11881 Setting Browse Projects to anything but a group makes projects visible to jira-users

Closed

is related to

JRASERVER-8942 Granting User Custom Field "Browse" permission has no effect

Closed

JRASERVER-14424 Separate permissions for issue filtering and project display

Gathering Interest

is superseded by

JRASERVER-43923 Current Assignee on Browse Projects Permission displayed Projects to All Users

Closed

relates to

JRASERVER-4935 "Browse Project" permission for "Current Reporter" grants users to see projects they are not permitted to.

Closed

was cloned as

JRASERVER-36141 "Current Assignee" on Browse Permission creates security hole

Closed

resolves: PS-73349 Loading...

(1 relates to, 1 was cloned as, 1 resolves)

Activity

People

Assignee:: MarkC

Reporter:: Erik S

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 06/Jan/2006 1:13 AM

Updated:: 05/Jun/2021 11:49 PM

Resolved:: 12/Jan/2006 11:04 PM

Time Tracking

Estimated:

Remaining:

Logged: