h4. Summary
The questions plugin allows administrators to restrict its usage to groups/users, similar to Confluence Permissions. Attachments uploaded to these questions/answers can be found by users that do not have Questions Permission. However, while the attachment can be searched and its title is displayed, clicking on the attachment will display a Not Permitted page:
!Not Permitted.png|thumbnail!
h4. Steps to Reproduce
h4. Expected Results
Nothing is found
h4. Actual Results
The attachment is found and clicking on it the user is greeted with the Not Permitted screen, however, the attachment name is displayed to this user which may contain sensitive information.
h4. Workaround
If the question is tied to a space, this space can be restricted and the attachment won’t be found.
If the question isn’t tied to a space or the space can’t/won’t be restricted, there is no workaround. If one is identified, it’ll be shared here.
CPE | Name | Operator | Version |
---|---|---|---|
confluence data center | le | 7.11.1 |