Defect #15613: 'Add watchers' within the new issue reveals all the accounts - Redmine

Defect #15613

'Add watchers' within the new issue reveals all the accounts

Added by David Hrbáč almost 7 years ago. Updated almost 7 years ago.

Status:

Closed

Start date:

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Issues permissions

Target version:

Resolution:

Duplicate

Affected version:

2.3.2

Description

Hi,

'Add watchers' within the new issue reveals all the Redmine accounts, not only the project accounts. We consider it as a security issues and we had to remove the link from issue page.

Version:
We are using Redmine 2.3.2.stable

Expected behavior:
Redmine should list only the accounts available to the logged user.

Thanks,
David Hrbáč

Related issues

History

#1 Updated by Toshi MARUYAMA almost 7 years ago

Status changed from New to Closed
Resolution set to Duplicate

Duplicate with #15123.

#2 Updated by Toshi MARUYAMA almost 7 years ago

Duplicates Defect #15123: "Add watcher" leaks all active users added

Also available in: Atom PDF

Redmine

Issues

Custom queries

Defect #15613

'Add watchers' within the new issue reveals all the accounts

History

#1 Updated by Toshi MARUYAMA almost 7 years ago

#2 Updated by Toshi MARUYAMA almost 7 years ago