Launchpad itself

+assignedbugs page shows hidden memberships

Bug #253970 reported by Andrea Corbellini on 2008-08-01

260

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	Critical	Edwin Grubbs

Look at <https://bugs.launchpad.net/~matthew.revell/+assignedbugs>. Under "Matthew Revell's teams" there's ~canonical which is a "hidden" team whereof the members shouldn't be shown, as told in <https://launchpad.net/~canonical> ("You are not allowed to view this team's membership").

Tags:

Revision history for this message

Steve Alexander (stevea) wrote on 2008-08-01:

I have confirmed that the +assignedbugs page is leaking that a user is in a private team, even when I'm accessing Launchpad as an anonymous user.

Francis J. Lacoste (flacoste) on 2008-08-01

Changed in malone:
assignee:	nobody → edwin-grubbs

Edwin Grubbs (edwin-grubbs) on 2008-08-01

Changed in malone:
status:	Triaged → In Progress

Revision history for this message

Edwin Grubbs (edwin-grubbs) wrote on 2008-08-07:

Fixed in r6789. Cherry-picked to edge and lpnet.

Revision history for this message

Christian Reis (kiko) wrote on 2008-08-13:

Verified fixed on edge and lpnet.

Curtis Hovey (sinzui) on 2012-05-09

visibility:

private → public

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.