Project

General

Profile

Actions
Copy link

Defect #31778

closed

Total estimated time issue query column and issue field might leak information

Added by Felix Schäfer over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Issues
Target version:
3.4.12
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

The total estimated time information will show the sum of the estimated times of the issues and its subissues. This calculation does not verify if the current user is allowed to see the sub issues though, which might lead to an information leak.

Attached is a patch with a test for this issue. This patch was created and contributed by Gregor Schmidt.

Files

0001-Limit-total_estimated_hours-to-visible-issues.patch (4.71 KB) 0001-Limit-total_estimated_hours-to-visible-issues.patch Felix Schäfer, 2019-07-23 17:04

Related issues

Related to Redmine - Defect #32022: IssueSubtaskingTest fails with high probabilityClosedGo MAEDA

Actions
Actions
Copy link
 #1

Updated by Go MAEDA over 4 years ago

  • Target version set to 4.0.5

Setting the target version to 4.0.5.

Actions
Copy link
 #2

Updated by Go MAEDA over 4 years ago

  • Status changed from New to Resolved
  • Assignee set to Go MAEDA

Committed the fix. Thank you.

Actions
Copy link
 #3

Updated by Go MAEDA over 4 years ago

  • Status changed from Resolved to Closed
  • Target version changed from 4.0.5 to 3.4.12
Actions
Copy link
 #4

Updated by Go MAEDA over 4 years ago

  • Related to Defect #32022: IssueSubtaskingTest fails with high probability added
Actions
Copy link

Also available in: Atom PDF