[Vtigercrm-developers] Security bug I believe
Uma S
uma.s at vtiger.com
Sun Jan 10 14:42:06 GMT 2021
Hi Tony,
Thanks! for reporting.
Yes! we were able to reproduce this issue, We have filed an issue
<https://code.vtiger.com/vtiger/vtigercrm/issues/1564>, will be getting it
addressed soon.
On Sat, Jan 9, 2021 at 10:35 AM Tony Sandman <tonysandman999 at gmail.com>
wrote:
> So, I have PO and a related list of Vendors.
> The Users (limited access) have read access to PO through Group.
> The Vendors module is private. All cool as the user cannot see any vendor
> not assigned to him BUT... if the admin adds all other vendors to the
> related list of mentioned PO, limited access users can see all columns from
> Vendors in this related list.
> Emails, names, phone numbers whatever is defined.
> Do you agree this is something unwanted?
>
> T
> _______________________________________________
> http://www.vtiger.com/
--
With
Best Regards
Uma.S
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210110/73f62e6a/attachment.html>
More information about the vtigercrm-developers
mailing list