Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bug? board title visible when visiting a board without permission to view

I do not have permission to view a particular project. I cannot see that project in the project list. I cannot see a particular board in the board list, when that board is part of that project. If I visit the URL of the board directly, I get a modal information div that says:

Error

The requested board cannot be viewed because it either does not exist or you do not have permission to view it.


However, beside/behind/below that div I can see the title of the board and the names of its filters.

This seems like a minor privilege bug, leaking a bit of information that shouldn't be.

1 comment

Hypothetical information leak case: The title of the board or the name of a filter contains some information about an unpublished impending software release date, such as a "Features flagged for July release" filter when the planned release in July has not yet been announced.

Comment

Log in or Sign up to comment
TAGS
Community showcase
Published in Jira

REST APIs and webhooks: deprecation of the Epic Link, Parent Link and other related fields

We’ve recently announced some changes to Jira REST APIs and webhooks involving issue parents. As a result, in Jira REST APIs and webhooks, the " Epic Link" , " epic" , and " Parent Link" fields, as ...

118 views 0 0
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you