Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bug? board title visible when visiting a board without permission to view

sparr
sparr March 20, 2018

I do not have permission to view a particular project. I cannot see that project in the project list. I cannot see a particular board in the board list, when that board is part of that project. If I visit the URL of the board directly, I get a modal information div that says:

Error

The requested board cannot be viewed because it either does not exist or you do not have permission to view it.


However, beside/behind/below that div I can see the title of the board and the names of its filters.

This seems like a minor privilege bug, leaking a bit of information that shouldn't be.

Comment
Watch
Like Be the first to like this
695 views

1 comment

sparr
sparr March 20, 2018

Hypothetical information leak case: The title of the board or the name of a filter contains some information about an unpublished impending software release date, such as a "Features flagged for July release" filter when the planned release in July has not yet been announced.

Like
Reply

Comment

Log in or Sign up to comment
Atlassian logo
Archived Groups and Collections
TAGS
AUG Leaders

Atlassian Community Events

    See all events