search

kenjin-work / pe

0 stars 0 forks source link

No user logged in, yet able to see address book #1

Open kenjin-work opened 7 months ago

kenjin-work commented 7 months ago

Upon initial launch of the application, there is no user logged in. Yet we are already able to see pre-existing address books. This is leakage of user data.

Steps to reproduce:

  1. Ensure no ./data folder in the folder you're launching the .jar.
  2. Run the jar.

image.png

soc-se-bot commented 7 months ago

[IMPORTANT!: Please do not edit or reply to this comment using the GitHub UI. You can respond to it using CATcher during the next phase of the PE]

Team's Response

This is sample data. There are no situations that allow user addressbook data to be shown.

It is also mentioned in our UG that this is the observed when starting up the application. There is no different or unintended behaviour.

Hence, we are rejecting this bug, and assigning it a lower severity.

image.png

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement: [replace this with your reason]

## :question: Issue severity Team chose [`severity.VeryLow`] Originally [`severity.High`] - [ ] I disagree **Reason for disagreement:** [replace this with your reason]