Project

General

Profile

Actions
Copy link

Defect #15613

closed

'Add watchers' within the new issue reveals all the accounts

Added by David Hrbáč over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Issues permissions
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:
2.3.2

Description

Hi,

'Add watchers' within the new issue reveals all the Redmine accounts, not only the project accounts. We consider it as a security issues and we had to remove the link from issue page.

Version:
We are using Redmine 2.3.2.stable

Expected behavior:
Redmine should list only the accounts available to the logged user.

Thanks,
David Hrbáč

Related issues

Is duplicate of Redmine - Defect #15123: "Add watcher" leaks all active usersClosed

Actions
Actions
Copy link
 #1

Updated by Toshi MARUYAMA over 10 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

Duplicate with #15123.

Actions
Copy link
 #2

Updated by Toshi MARUYAMA over 10 years ago

  • Is duplicate of Defect #15123: "Add watcher" leaks all active users added
Actions
Copy link

Also available in: Atom PDF