[rt-users] RT (4.0.18) search engine is leaking informations about unallowed tickets
falcone at bestpractical.com
Fri Dec 13 10:50:53 EST 2013
On Fri, Dec 13, 2013 at 04:06:20PM +0100, benoit plessis wrote:
> I'm experiencing something weird with the latest 4.0.xx release, when some low privileges
> users search for tickets RT give away of unwanted informations.
> Example: the default dashboard search for unowned tickets display "70 tickets found" in the
> title part, include a two-pages navigation, but only display 1 ticket, the only one the user
> is allowed to see.
> This also break the dashboard view, since the first ten tickets aren't accessible the view is
> I'm not sure if it's a recent change or not since up to now all of our users had at least
> readonly access to all of the queues/tickets.
Off on 4.0, on on 4.2. You sound like you want to turn it on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 235 bytes
Desc: not available
More information about the rt-users