Defect #31778
Total estimated time issue query column and issue field might leak information
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Go MAEDA | % Done: | 0% | |
| Category: | Issues | |||
| Target version: | 3.4.12 | |||
| Resolution: | Affected version: |
Description
The total estimated time information will show the sum of the estimated times of the issues and its subissues. This calculation does not verify if the current user is allowed to see the sub issues though, which might lead to an information leak.
Attached is a patch with a test for this issue. This patch was created and contributed by Gregor Schmidt.
Related issues
Associated revisions
Limit total_estimated_hours to visible issues (#31778).
Patch by Gregor Schmidt.
History
#1
Updated by Go MAEDA over 1 year ago
- Target version set to 4.0.5
Setting the target version to 4.0.5.
#2
Updated by Go MAEDA over 1 year ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
Committed the fix. Thank you.
#3
Updated by Go MAEDA over 1 year ago
- Status changed from Resolved to Closed
- Target version changed from 4.0.5 to 3.4.12
#4
Updated by Go MAEDA about 1 year ago
- Related to Defect #32022: IssueSubtaskingTest fails with high probability added