Defect #16743: Project list lists all projects, even if user is not added to them - Redmine

Actions

Copy link

Defect #16743

closed

Project list lists all projects, even if user is not added to them

Added by Peter L. about 10 years ago. Updated about 10 years ago.

Status:

Closed

Priority:

High

Assignee:

Category:

Accounts / authentication

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

2.5.1

Description

I added a new user group called "external employees" and just created a user for it.

When I log in, i can already see all projects - even when I have not added the external user to any project.
This seems like a security problem to me?

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #16743

Project list lists all projects, even if user is not added to them

Updated by Peter L. about 10 years ago

Updated by Rafał Lisowski about 10 years ago

Updated by Peter L. about 10 years ago

Updated by Rafał Lisowski about 10 years ago

Updated by Peter L. about 10 years ago

Updated by Jean-Philippe Lang about 10 years ago