[XPORTER-2814] Security breach regarding Permission schemes when a JQL iteration is defined on templates - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Release 6.1.8
Fix Version/s: 6.5.2
Component/s: Permission Schemes, Security
Labels:
- security_vulnerability_medium

Requirement Status:
OK
- 1

Description

Through JQL expression, it is possible to export all information in jira, bypassing the security that may exist (using permission schemes).

Steps to reproduce:

Disable Xporter for all users and projects
Create a project called "DEMO"
Create a permission scheme to allow export Stories from DEMO project.
Create a template with a JQL iteration where the JQL query return issues from another project, for example
Install the template
Go to a DEMO Story issue and export using the template created.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Capturar.PNG
7 kB
21/Oct/19 5:24 PM
Capturar1.PNG
10 kB
21/Oct/19 5:26 PM
JQL_Oracle (6).docx
12 kB
21/Oct/19 5:27 PM
JQL_Oracle (6) (2).docx
10 kB
21/Oct/19 5:28 PM

Issue Links

links to

mentioned in: Page Loading...

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Tiago Silva [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Oct/19 5:24 PM

Updated:: 03/Aug/20 1:44 PM

Resolved:: 03/Aug/20 1:44 PM

Time Tracking

Estimated:

0m

Remaining:

0m

Logged:

1d 6h 45m