It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bug? board title visible when visiting a board without permission to view

I do not have permission to view a particular project. I cannot see that project in the project list. I cannot see a particular board in the board list, when that board is part of that project. If I visit the URL of the board directly, I get a modal information div that says:

Error

The requested board cannot be viewed because it either does not exist or you do not have permission to view it.


However, beside/behind/below that div I can see the title of the board and the names of its filters.

This seems like a minor privilege bug, leaking a bit of information that shouldn't be.

1 comment

Hypothetical information leak case: The title of the board or the name of a filter contains some information about an unpublished impending software release date, such as a "Features flagged for July release" filter when the planned release in July has not yet been announced.

Comment

Log in or Sign up to comment
Community showcase
Posted in Jira Core

How to manage many similar workflows?

I have multiple projects that use variations of the same base workflow. The variations depend on the requirements of the project or issue type. The variations mostly come in the form of new statuses ...

1,099 views 7 0
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you