Open Bug 1635341 Opened 5 years ago Updated 5 years ago

Can get status of secure bugs by referencing bug

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: mymindstorm, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

  1. Create a restricted bug by checking the security box
  2. Reference the restricted bug in a public bug
  3. Logout
  4. Hover over the restricted bug link and you should see the status and title of the restricted bug

Example: https://bugzilla-dev.allizom.org/show_bug.cgi?id=1396254

Actual results:

I was able to see the title and status of the restricted bug.

Expected results:

I should not be able to view any details of the restricted bug.

Summary: Can get status and title of secure bugs by referencing bug → Can get status of secure bugs by referencing bug

I made a mistake in the report, you cannot see the title of a restricted bug, just the status.

So what? What does it tell you that a bug with some number is FIXED or not if you can't tell what that bug is about.

Pretty much. You can't get the bug status from directly going to the bug or via the API.

Because this bug's Severity is normal and has not been changed, and this bug's priority is -- (none,) indicating it has has not been previously triaged, the bug's Severity is being updated to -- (default, untriaged.)

Severity: normal → --
You need to log in before you can comment on or make changes to this bug.