This bug applies if you have OroCRM Enterprise Edition and Multi Organizations setup. It’s possible to see ALL DATA FROM OTHER ORGANIZATIONS when you generate a reports using an entity that doesn’t have Ownership Type.
Do you guys have any tips to solve it?
Steps to simulate:
1) Go to http://demo.orocrm.com
2) Create a report using EXACT this fields structure from Activity List Entity:
3) This is your report with leaked data from all organizations
The forum ‘OroCRM – Security’ is closed to new topics and replies.