[JSDCLOUD-5856] Restricted Confluence pages are being suggested to customers at Customer Portal when jira-servicedesk-users group is used to restrict page access in Confluence

Type: Bug
Resolution: Fixed
Priority: Medium
Component/s: Knowledge Base & Confluence integration
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Steps to Reproduce

Create a Space in Confluence.
Add multiple pages to this Space.
Choose a single page and restrict access to jira-servicedesk-users in the padlock icon.
Create a JIRA Service Desk project
Access Project settings > Knowledgebase
Link to the Confluence space created
Access Portal as user not listed at jira-servicedesk-users group (customer)
Perform a search for the restricted page

Actual Results

Customers are suggested with the restricted pages even if they are not part of jira-servicedesk-users group

Expected Results

The page should not be displayed to users without the permission to view the Confluence page.

Workaround

Use a specific Confluence space for the knowledge base that only contains pages you wish to share with Service Desk users. Or use another group, except jira-servicedesk-users, to restrict page access in Confluence.

is related to

JSDSERVER-3812 The "Restrict to articles with labels" option doesn't restrict the customer portal from suggesting KB's other than those with the nominated Label

Closed

mentioned in: Page Failed to load

relates to: FSD-2320 Failed to load; FSD-2513 Failed to load

David Black added a comment - 16/Jul/2018 6:27 AM

(Resetting the security bugfix sla for this issue as this project will now be tracked ).
(Resetting the security bugfix sla for this issue at the request of dnguyen@atlassian.com)
CVSS v3 score: 5.0 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

See http://go.atlassian.com/cvss for more details.

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

David Black added a comment - 16/Jul/2018 6:27 AM (Resetting the security bugfix sla for this issue as this project will now be tracked ). (Resetting the security bugfix sla for this issue at the request of dnguyen@atlassian.com ) CVSS v3 score: 5.0 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity None Availability None See http://go.atlassian.com/cvss for more details. https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Assignee:: Duy Nguyen JSM

Reporter:: Coutinho (Inactive)

Affected customers:: 2 This affects my team

Watchers:: 10 Start watching this issue

Created:: 10/Jan/2018 3:16 PM

Updated:: 26/Aug/2019 3:05 AM

Resolved:: 11/Sep/2018 2:20 AM

Jira Service Management Cloud

Details

Description

Steps to Reproduce

Actual Results

Expected Results

Workaround

Attachments

Issue Links

Forms

Activity

Collapse comment: David Black added a comment - 16/Jul/2018 6:27 AM

Expand comment: David Black added a comment - 16/Jul/2018 6:27 AM

People

Dates