Project

General

Profile

Actions

Defect #24915

open

Activity shows issues and text of issues which should not

Added by Thomas Löfgren about 7 years ago. Updated over 5 years ago.

Status:
Needs feedback
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

If as user only allowed to see your issues (Issues assigned or created by user) and you click on a different member of the project from the Project overview side.

  • You will see all the tickets assigned to that user and some of the content of the tickets as well.
  • If you click on a ticket from the activity you will get 403 Forbidden.

This may be applicable on other kind of activities.


Related issues

Related to Redmine - Defect #22120: Issues are visible in Issue List but not in Issue DetailNeeds feedback

Actions
Actions

Also available in: Atom PDF