Jira Service Management Cloud / JSDCLOUD-16577

Restricted knowledge base articles are visible to users without access, potentially exposing sensitive information.


      Problem

      When logged in with a portal-only account, a customer can see a link to a knowledge base article from a restricted project, despite not having access to that project. The article is part of the space, which should only be accessible to users with the appropriate permissions.

      This could reveal sensitive information to external users. 

      Environment

      JSM Cloud

      Steps to Reproduce

      1. Create two projects:
        1. Restricted with attached space
        2. Open with no space access
      2. Create a Topic on the portal and add an article from the Restricted project to this Topic.
      3. Customers from the Open project can also see the article and its description on the portal; accessing it gives an error.

      Expected Results

      Ideally, the restricted article should not be listed at all.

      Actual Results

      The restricted article is visible in the list to customers who do not have access to it.

      Workaround

      None

              f4c8d44d92af Barkha Bansal