Project

General

Profile

Actions

Defect #15613

closed

'Add watchers' within the new issue reveals all the accounts

Added by David Hrbáč about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Issues permissions
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:

Description

Hi,

'Add watchers' within the new issue reveals all the Redmine accounts, not only the project accounts. We consider it as a security issues and we had to remove the link from issue page.

Version:
We are using Redmine 2.3.2.stable

Expected behavior:
Redmine should list only the accounts available to the logged user.

Thanks,
David Hrbáč


Related issues

Is duplicate of Redmine - Defect #15123: "Add watcher" leaks all active usersClosed

Actions
Actions #1

Updated by Toshi MARUYAMA about 11 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

Duplicate with #15123.

Actions #2

Updated by Toshi MARUYAMA about 11 years ago

  • Is duplicate of Defect #15123: "Add watcher" leaks all active users added
Actions

Also available in: Atom PDF