Restricted knowledge base articles are visible to users without access, potentially exposing sensitive information.

    • 4
    • Severity 3 - Minor
    • 0

      Problem

      When logged in with a portal-only account, a customer can see a link to a knowledge base article from a restricted project, despite not having access to that project. The article is part of the space, which should only be accessible to users with the appropriate permissions.

      This could reveal sensitive information to external users. 

      Environment

      JSM Cloud

      Steps to Reproduce

      1. Create two projects:
        1. Restricted with attached space
        2. Open with no space access
      2. Create a Topic on the portal and add an article from the Restricted project to this Topic.
      3. Customers from the Open project can also see the article and its description on the portal; accessing it gives an error.

      Expected Results

      Ideally, the restricted article should not be listed at all.

      Actual Results

      The restricted article is visible in the list to customers who do not have access to it.
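
A minimal model of the gap described above, where the article view enforces the space permission but the topic listing does not. This is an added illustration, not Atlassian's code; every name in it (spaces, users, functions) is a hypothetical, constructed stand-in.

```python
from dataclasses import dataclass

# Constructed model of the report; nothing here is a JSM or Confluence API.
@dataclass(frozen=True)
class Article:
    title: str
    description: str
    space: str  # knowledge base space the article belongs to

# Constructed sample data mirroring the reproduction steps.
SPACE_VIEWERS = {"RESTRICTED-KB": {"internal-agent"}}  # who may view each space
TOPIC = [Article("VPN runbook", "Internal gateway settings", "RESTRICTED-KB")]

def can_view(user, article):
    """Deny by default: an unknown space or unlisted user means no access."""
    return user in SPACE_VIEWERS.get(article.space, set())

def open_article(user, article):
    """Detail view: enforces the permission (the error seen in step 3)."""
    if not can_view(user, article):
        raise PermissionError("no access to space " + article.space)
    return article

def list_topic_reported(user, topic):
    """Reported behaviour: title and description are returned unchecked."""
    return [(a.title, a.description) for a in topic]

def list_topic_expected(user, topic):
    """Expected behaviour: the same check at list time as at open time."""
    return [(a.title, a.description) for a in topic if can_view(user, a)]

def leaked_entries(user, topic, lister):
    """Regression check: titles a lister shows that the user cannot open."""
    denied = {a.title for a in topic if not can_view(user, a)}
    return [title for title, _ in lister(user, topic) if title in denied]

if __name__ == "__main__":
    for lister in (list_topic_reported, list_topic_expected):
        print(lister.__name__, leaked_entries("portal-customer", TOPIC, lister))
```
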

      Workaround

      None

            Assignee:
            Unassigned
            Reporter:
            Barkha Bansal
            Votes:
            10
            Watchers:
            11