Restricted project tickets leaking

322
Defect
-
3.0.7
-
Users
Fixed
Normal
Normal
4 years ago
3 years ago
0

Description

What did you do to cause this?

I logged out and viewed the user page of a user with access to a restricted project.

What page were you on?

I was on the user page. Example. The "Staff Tracker" and associated tickets are part of a restricted project.

What PHP and MySQL versions do you run?

5.3.3-7+squeeze14, 5.1.66-0+squeeze1

Describe the defect:

Information meant to be private is leaking out through generally public pages. The information should be hidden from the user unless they have access to the group and tickets in question.

Ticket History

4 years and 6 months ago by Jack

  • Closed ticket as Fixed