Lucene search
K

539 matches found

Atlassian
Atlassian
added 2009/07/28 5:51 a.m.28 views

Allow issue security level to use any custom field that implements UserCFNotificationTypeAware

It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...

0.6AI score
Exploits0Affected Software1
Prion
Prion
added 2008/01/17 10:0 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field...

4.3CVSS6.1AI score0.01065EPSS
Exploits0References5Affected Software1
Atlassian
Atlassian
added 2007/11/02 3:23 a.m.23 views

You are able to delete a Custom Field that is referenced in Permission settings.

If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/11/02 3:23 a.m.23 views

You are able to delete a Custom Field that is referenced in Permission settings.

If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...

1AI score
Exploits0
Atlassian
Atlassian
added 2007/11/02 3:23 a.m.21 views

You are able to delete a Custom Field that is referenced in Permission settings.

If you add a User Custom Field as a permission in a permission scheme or issue level security scheme, you are then able to delete the Custom Field without validation or warnings. After deleting the field, you are still able to see the Custom Field ID in the permission scheme, although it can...

1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/24 6:4 a.m.18 views

Issues not shown in issue navigator that a user has permission for according to the issue security level

Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2007/10/24 6:4 a.m.21 views

Issues not shown in issue navigator that a user has permission for according to the issue security level

Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/24 6:4 a.m.26 views

Issues not shown in issue navigator that a user has permission for according to the issue security level

Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/09 3:24 p.m.23 views

user value of JiraAuthenticationContext not set is SOAP service getIssue()

Call to JiraAuthenticationContext.setUser missing during getIssue SOAP service call. Service call will fail silently if there are custom fields with explicit secutity checking for attributes derived from current user. In my case I try to verify existance of an issue using getIssue SOAP service...

1.6AI score
Exploits0
Atlassian
Atlassian
added 2007/09/13 5:12 a.m.16 views

Multi user custom field cannot be used with the assignable user permission

If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2007/09/13 5:12 a.m.56 views

Multi user custom field cannot be used with the assignable user permission

If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/09/13 5:12 a.m.14 views

Multi user custom field cannot be used with the assignable user permission

If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/27 7:41 a.m.19 views

Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date

emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2007/03/27 7:41 a.m.19 views

Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date

Similar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce performance...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/27 7:41 a.m.18 views

Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date

emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/21 4:40 a.m.22 views

Deleting a custom field which has an issue security scheme or permission scheme on it causes system error

A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...

1.4AI score
Exploits0
Atlassian
Atlassian
added 2007/03/21 4:40 a.m.16 views

Deleting a custom field which has an issue security scheme or permission scheme on it causes system error

A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...

1.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/03/21 4:40 a.m.20 views

Deleting a custom field which has an issue security scheme or permission scheme on it causes system error

A custom field with an issue security scheme based on it is deleted. A subsequent search on a issue under this security scheme causes a system error...

1.4AI score
Exploits0Affected Software1
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.5 views

Security update 1970-01-01

...

5.3AI score
Exploits0
Rows per page
Query Builder