Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:

Steps to replicate:

Add a new bitbucket account to your JIRA OnDemand instance via the DVCS connector.
Click on the cog to the right of your new account and view 'configure automatic access'

Result:

Automatic access will be set up and membership to the 'developers' group will be granted

Expected result:

Either no automatic access will be set up, or during the creation process you should be warned that automatic access has been granted.

This is a security concern for users that add people that should have access to the repository to their OD account, as access will be granted unknowingly.

It also becomes more of a problem now that ~~UNIFIED-79~~ has been released, as it's not at all obvious that membership is granted anymore.

causes

ID-97 Create a banner to warn users about the DVCS auto-inviting function when integrated with Bitbucket

Closed

is related to

ID-25 New user management system doesn't mention that Bitbucket invites are going to be sent

Closed

relates to

JSWSERVER-14233 New user that is added to Jira is automatically invited to 'developers' group

Closed

JSWSERVER-14464 Disable adding users to Bitbucket teams by default.

Closed

BBC-742 Loading...

DESK-3600 Loading...

GROW-769 Loading...

GROW-1563 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

Wiki Page: Wiki Page Loading...

(3 relates to, 4 mentioned in, 1 Wiki Page)

Assignee:: Unassigned
Reporter:: Matthew Hunter
Votes:: 1 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 11/Mar/2014 5:51 AM
Updated:: 06/Dec/2024 8:17 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates