CVE-2021-3339

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen...

user receives email notification even though restriction have been applied to the page

Steps to reproduce : Login to Confluence Create a page Insert a team calendar into the page Ask a user A to watch the page Make changes to team calendar User A is receiving email notification for the calendar as expected Creator of the page restrict the page with the calendar from being viewed by...