Uploaded image for project: 'SR for Jira - Development'
  1. SR for Jira - Development
  2. SRJIRA-587

Use of "Script Runner" under Administration should be restricted to JIRA System Administrators permission

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 5.5.0
    • Component/s: None
    • Labels:
    • Environment:

      JIRA 4.1.1, version 1.6 of plugin

    • Sprint:
      Sprint 37 - Ends Nov 14, Sprint 37 - Ends Nov 28, Sprint 37 - Ends Jan 29, Sprint 38 - Next, Sprint 43, Sprint 44, Sprint 45, Sprint 46, Sprint 47
    • Critical Points:
      3.2

      Description

      I love the script runner plugin. It has made it possible for me to do several things that would have otherwise been very difficult for me to achieve.

      It seems that the Script Runner is restricted to administrators perhaps with JIRA Administrators permission. It should be restricted to JIRA System Administrators permission since it could obviously be used to grant oneself JIRA System Administrators permission or to manipulate files on the server. The Jelly runner appears to be restricted to JIRA System Administrators, so this one should be the same.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dluksza Dariusz Luksza
              Reporter:
              jberkenbilt Jay Berkenbilt
              Votes:
              9 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: