Permission Checking Bug in FishEye Changeset Tooltips

2011-11-02T01:44:49
ID ATLASSIAN:FE-3811
Type atlassian
Reporter pwatson
Modified 2015-09-22T08:57:34

Description

We have identified and fixed a permission checking bug in the FishEye changeset tooltips. Affected versions are 2.4.6 to 2.5.6

This bug allows users to view metadata for a changesets that they do not have permission to view.

This issue is reported in our security advisory on the following page:

  • https://confluence.atlassian.com/x/gAjSEQ