eaudeweb/redmine.docker

Roadmap tab is revealing potentially sensitive information

Closed this issue · 1 comment

Create a role with permissions:

  1. View issues
  2. Issues visibility: "Issues created by, assigned to, watched by, or contributed to by the user"

When visiting the Roadmap tab, the system is revealing:
a) the number of issues in the current sprint
b) the due dates of the current sprint
c) the rate of open/closed issues in the current sprint

If I click on the number of issues shown (i.e. 4 open), the report shows zero because the user does not have sufficient privileges to view issues assigned to other people.

not relevant
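The mismatch reported in the issue above, as an added example that is not part of the original thread and not Redmine's own code: a simplified Ruby model in which a roadmap aggregate is computed without the issue-visibility filter, next to a scoped version and a check that compares the two. All names and sample data are constructed, and the "contributed to" clause of the visibility rule is left out of the model.

```ruby
# Simplified model of the reported behaviour; NOT Redmine's implementation.
# Struct, method names, users and issues are constructed for illustration.
Issue = Struct.new(:id, :version, :author, :assignee, :watchers, :closed)

ISSUES = [
  Issue.new(1, "Sprint 12", "alice", "bob",   [],       false),
  Issue.new(2, "Sprint 12", "alice", "carol", [],       false),
  Issue.new(3, "Sprint 12", "bob",   "bob",   ["dave"], true),
  Issue.new(4, "Sprint 12", "carol", "alice", [],       false),
  Issue.new(5, "Sprint 12", "dave",  "dave",  [],       false),
].freeze

# Role setting from the report: the user sees only issues they created,
# are assigned to, or watch.
def visible_to?(issue, user)
  issue.author == user || issue.assignee == user || issue.watchers.include?(user)
end

def summarize(issues)
  closed = issues.count(&:closed)
  { open: issues.size - closed, closed: closed }
end

# Behaviour described in the report: the aggregate ignores issue visibility.
def roadmap_counts_unscoped(version, _user)
  summarize(ISSUES.select { |i| i.version == version })
end

# Aggregate built from the same filtered set as the issue list behind the link.
def roadmap_counts_scoped(version, user)
  summarize(ISSUES.select { |i| i.version == version && visible_to?(i, user) })
end

# Regression check: how many issues the aggregate counts that the user
# could not list. Anything above zero is information disclosure.
def leaked_issue_count(version, user, counter)
  shown = send(counter, version, user)
  listed = ISSUES.count { |i| i.version == version && visible_to?(i, user) }
  shown[:open] + shown[:closed] - listed
end

if __FILE__ == $PROGRAM_NAME
  %i[roadmap_counts_unscoped roadmap_counts_scoped].each do |counter|
    puts "#{counter}: #{send(counter, 'Sprint 12', 'erin')} " \
         "leaked=#{leaked_issue_count('Sprint 12', 'erin', counter)}"
  end
end
```

The constructed user `erin` has no visible issues, so the unscoped aggregate reproduces the "4 open" figure from the report while the list behind it is empty.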