Other SD Projects Knowledge Base are accessible through direct link

Summary:

If a Customer only able to access one SD Portal and log in to Confluence, it is actually possible for that Customer to access other SD Project KBs through a Direct URL Link including navigating the space.

Steps to Reproduce:

1. Prepare a JIRA instance that is connected to Confluence with the same User Base.
2. Create two SD Project (SD1 and SD2) and connect it to a Confluence Space each (KB1 and KB2)
3. Both SD projects have permissions set: "Customers who are added to the project"
4. Make sure the option below is enabled when connecting the Spaces:

   "All active users and customers can access the knowledge base without a Confluence license."

1. Create a Customer that only exists in SD1 and log in as the Customer to SD1 Portal.
2. Search for an Article in KB1 to clarify that it returns a result.
3. Search for an Article in KB2 to clarify that it should not returns anything.
4. Log in to Confluence using the Customer credentials and clarify that there is no other menu beside the Confluence Logo to clarify that the Customer does not have a Confluence License.
5. Open another session and log in to Confluence as an Admin.
6. Access the KB2 space and copy the URL.
7. Back to the Customer session and paste the link

Expected Result:

With the customer is only allowed to access SD1, the connected KB2 will return the "not permitted" error.

Actual Result:

The Customer will access the space and able to navigate around it.