Jira Service Management Data Center / JSDSERVER-6822

Internal comments on agents view trigger workbox notification in Confluence

    • Type: Bug
    • Resolution: Not a bug
    • Priority: Low
    • None
    • 4.5.4
    • Email - Outgoing
    • None

      Issue Summary

      Internal comments on agents view trigger workbox notification in Confluence and are causing security problems in customer environments

      Steps to Reproduce

      1. Have an application link with Confluence set up and configured using OAuth (in this case, v6.13.7)
      2. Create two users with application access and browse project permission only in a Jira Service Desk project
      3. Create a new ticket
      4. Add them as watchers on the ticket from the agent view
      5. Add an internal comment from the Jira Service Desk agent view
      6. Check the workbox notifications in Confluence by logging in as those users
      7. Workbox notifications are triggered in Confluence from Jira only for 'Comments on issues that you are watching', per our official documentation: Which notifications are included? (https://confluence.atlassian.com/doc/workbox-notifications-284365963.html#WorkboxNotifications-Whichnotificationsareincluded?)

      Detailed replication steps are in this screen recording: Replication_Steps_JiraServiceDesk.mp4

      The same behavior is not replicable in Jira Software when adding restricted comments: Not_replicable_JiraSoftware.mp4

      Expected Results

      Internal comments should not trigger workbox notifications in Confluence; they should be handled in the same way as in Jira Software.

      Actual Results

      Internal comments are being sent to customers as workbox notifications in Confluence, which is causing security problems in customer environments.

      Workaround

      Refer to the heading 'Stopping Jira applications from sending notifications to Confluence' in this KB article: Configuring Workbox Notifications (https://confluence.atlassian.com/conf613/configuring-workbox-notifications-964961270.html)

        1. Not_replicable_JiraSoftware.mp4
          1.04 MB
          Sriteja Kattamuru
        2. Replication_Steps_JiraServiceDesk.mp4
          1.47 MB
          Sriteja Kattamuru
        3. Screen Shot 2020-04-21 at 2.46.16 pm.png
          42 kB
          Aidan Goldthorpe
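
An audit for the condition the reproduction steps set up (a non-agent already watching an issue when an internal comment is posted), as an added example that is not part of the original issue or any Atlassian code. The data shape, user names and issue keys are constructed; it assumes watchers (with the time they started watching) and comments (with an internal flag) have been exported from the instance.

```python
from datetime import datetime

# Constructed sample data (simplified shape, not a real Jira export).
AGENTS = {"agent.anna"}
ISSUES = [
    {"key": "DESK-1",
     "watchers": [{"user": "cust.bob", "since": "2020-04-20T09:00:00"},
                  {"user": "Agent.Anna", "since": "2020-04-20T09:00:00"}],
     "comments": [
         {"id": 101, "internal": True, "created": "2020-04-20T10:00:00"},
         {"id": 102, "internal": False, "created": "2020-04-20T11:00:00"}]},
    {"key": "DESK-2",
     "watchers": [{"user": "cust.carol", "since": "2020-04-21T12:00:00"}],
     "comments": [
         {"id": 201, "internal": True, "created": "2020-04-21T08:00:00"},
         {"id": 202, "internal": True, "created": "2020-04-21T13:00:00"}]},
    {"key": "DESK-3", "watchers": [], "comments": [
        {"id": 301, "internal": True, "created": "2020-04-21T08:00:00"}]},
]


def exposed_internal_comments(issues, agents):
    """Return (issue key, comment id, [non-agent watchers]) for every internal
    comment posted while at least one non-agent was already watching."""
    agents = {a.lower() for a in agents}
    findings = []
    for issue in issues:
        # Watchers without the agent role, with the time they started watching.
        outsiders = {w["user"].lower(): datetime.fromisoformat(w["since"])
                     for w in issue.get("watchers", [])
                     if w["user"].lower() not in agents}
        for c in issue.get("comments", []):
            if not c.get("internal"):
                continue  # public comments are meant to reach watchers
            posted = datetime.fromisoformat(c["created"])
            hit = sorted(u for u, since in outsiders.items() if since <= posted)
            if hit:
                findings.append((issue["key"], c["id"], hit))
    return findings


if __name__ == "__main__":
    for key, cid, users in exposed_internal_comments(ISSUES, AGENTS):
        print(f"{key} comment {cid}: internal, watched by non-agents {users}")
```
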


            Karan Ahuja made changes -
            Remote Link Original: This issue links to "JSDSS-115 (Bulldog)" [ 479867 ] New: This issue links to "JSDSS-115 (JIRA Server (Bulldog))" [ 479867 ]
            Sriteja Kattamuru (Inactive) made changes -
            Comment [ A comment with security level 'atlassian-staff' was removed. ]
            Aidan Goldthorpe made changes -
            Link New: This issue relates to JSDSERVER-3392 [ JSDSERVER-3392 ]
            Aidan Goldthorpe made changes -
            Resolution New: Not a bug [ 12 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            Aidan Goldthorpe made changes -
            Remote Link New: This issue links to "JSDSS-115 (Bulldog)" [ 479867 ]
            Aidan Goldthorpe made changes -
            Attachment New: Screen Shot 2020-04-21 at 2.46.16 pm.png [ 387175 ]
            Bugfix Automation Bot made changes -
            Support reference count New: 1
            Sriteja Kattamuru (Inactive) made changes -
            Description: updated. The issue summary gained "and are causing security problems in customer environments" and the two screen recordings were attached as references; the rest is unchanged.
            Sriteja Kattamuru (Inactive) made changes -
            Attachment New: Not_replicable_JiraSoftware.mp4 [ 387158 ]
            Sriteja Kattamuru (Inactive) made changes -
            Attachment New: Replication_Steps_JiraServiceDesk.mp4 [ 387157 ]

              Assignee: Unassigned
              Reporter: Sriteja Kattamuru (Inactive)
              Affected customers: 0
              Watchers: 4