In Jira, when you press the value of an asset custom field on the issue, a pop up should not appear. There is a security vulnerability because it can see asset schemas. This must be prevented. Anyone who faced this problem before? Please share.
Hi @Emre Ünal ,
Do you mean users can view object schema/details when clicking on Assets custom field value or something else?
Also, side question - are you using Assets field in Jira or Jira Service Management projects? (not that it should make a difference but I'm just checking your use case and how you stumbled upon this particular issue/limitation).
Cheers,
Tobi
Hi, First of all I'm using Jira Service Management. We create a custom field with the values in the asset schemas. They need to be able to see these values from within the custom field. For this reason, we do not hide the roles in the asset scheme, but when you click on an asset custom field set on an issue, the asset's popup opens and you can see and navigate other objects from that screen. What we are trying to prevent is that a popup does not appear when you press the asset field on the issue. We decided to do this because we couldn't restrict the roles.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Got it. Can you maybe just make a screenshot of that screen? Specifically, this part:
...but when you click on an asset custom field set on an issue, the asset's popup opens and you can see and navigate other objects from that screen...
I'd just like to be on the same page as I'm still not 100% sure which screen are we talking about.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry I cannot share any kind of image because of the company policy. But I can describe it like it's the asset script that appears when we click on the asset custom field when we hover over the issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.