Project

General

Profile

Actions

Defect #16743

closed

Project list lists all projects, even if user is not added to them

Added by Peter L. over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

I added a new user group called "external employees" and just created a user for it.

When I log in, i can already see all projects - even when I have not added the external user to any project.
This seems like a security problem to me?

Actions

Also available in: Atom PDF