2 matches found
EUVD-2025-19327
Malicious code in bioql PyPI...
"User Custom Field Value" permission type incorrectly exposes JIRA project names to everyone
Problem: Project names are shown to users with no permission to see the project. Impact: Security hole! Recipe: it helps to have two browsers open one logged in as admin the other as the user I will create called dummy Add user dummy Add project blah Add custom field myuser of type user picker,...