Defect #15613
'Add watchers' within the new issue reveals all the accounts
Status: Closed
Priority: Normal
Assignee: -
Category: Issues permissions
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Duplicate
Affected version:
Description
Hi,
'Add watchers' within the new issue reveals all the Redmine accounts, not only the project accounts. We consider it a security issue and we had to remove the link from the issue page.
Version:
We are using Redmine 2.3.2.stable
Expected behavior:
Redmine should list only the accounts available to the logged-in user.
Thanks,
David Hrbáč
Related issues
Updated by Toshi MARUYAMA about 11 years ago
- Status changed from New to Closed
- Resolution set to Duplicate
Duplicate of #15123.
Updated by Toshi MARUYAMA about 11 years ago
- Is duplicate of Defect #15123: "Add watcher" leaks all active users added