-
Suggestion
-
Resolution: Unresolved
-
None
-
9
-
Hi support,
I am using Advanced Roadmap and I have noticed a security problem.
Advanced Roadmap overrides any controls that are set in JIRA. If you have a custom fields that are not editable in JIRA, with Advanced Roadmap is anyway possible!
The security problem is that if you use a Security Level based on a user picker field, and this is editable by anyone with Advanced Roadmap it is possible to make visible issues that normally would not be visible on Jira or are proteced by some condition rules.
Please, check and fix as soon as possible.
BR
Antonio
- is related to
-
- Closed
- links to
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSWSERVER-24795] Advanced Roadmap allow editing of read-only fields
| UIS | Original: 11 | New: 9 |
| UIS | Original: 8 | New: 11 |
| UIS | Original: 6 | New: 8 |
| UIS | Original: 4 | New: 6 |
| UIS | Original: 2 | New: 4 |
| Labels | Original: Plan-Permiss | New: Plan-Permiss ril |
| Remote Link | New: This issue links to "Internal ticket (Web Link)" [ 979417 ] |
| UIS | Original: 4 | New: 2 |
| UIS | Original: 7 | New: 4 |
| UIS | Original: 9 | New: 7 |