Security Concern: Slack Integration Sending Data Regardless of Board Permissions #481

Closed
opened 2026-02-04 19:49:59 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @mattboll on GitHub (Apr 19, 2024).

I've identified a potential security concern with our Slack integration. Currently, all data is being sent to Slack channels when the configuration is on, regardless of the user's permissions on the boards. This poses a significant risk as sensitive information might be exposed to unauthorized individuals. Any insights or suggestions on how to mitigate this risk would be greatly appreciated.

I guess we should specify at some point which board should be sent to Slack.


@mattboll commented on GitHub (Apr 19, 2024):

Even more, instead of a global configuration of the Slack bot in an environment variable, it should be something by board, with the bot token and channel id specific to a board (and I really mean a board and not a project/workspace).
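The difference between the global configuration described in this issue and the per-board configuration suggested above, as an added example that is not part of the original thread and is not Planka's code. All function names, board ids, tokens and channel ids are hypothetical or constructed, and `SLACK_BOT_TOKEN` / `SLACK_CHANNEL_ID` are assumed variable names; the per-board resolver denies by default when a board has no complete entry.

```javascript
// Hypothetical names throughout; this is not Planka's code or API.

// Constructed sample: per-board Slack settings. Boards without an entry send nothing.
const boardSlackConfig = new Map([
  ['board-roadmap', { botToken: 'xoxb-PLACEHOLDER-A', channelId: 'C-ROADMAP' }],
  ['board-broken', { botToken: '', channelId: 'C-ORPHAN' }], // incomplete on purpose
]);

// Constructed sample events; 'board-hr' is a restricted board with no Slack config.
const sampleEvents = [
  { boardId: 'board-roadmap', text: 'Card "Q3 plan" created' },
  { boardId: 'board-hr', text: 'Card "Salary review" created' },
  { boardId: 'board-broken', text: 'Card "Misc" moved' },
];

// Behaviour described in the issue: one global target for every board.
// SLACK_BOT_TOKEN / SLACK_CHANNEL_ID are assumed variable names.
function resolveGlobal(env) {
  return () =>
    env.SLACK_BOT_TOKEN && env.SLACK_CHANNEL_ID
      ? { botToken: env.SLACK_BOT_TOKEN, channelId: env.SLACK_CHANNEL_ID }
      : null;
}

// Suggested behaviour: look up the board's own target; deny by default.
function resolvePerBoard(config) {
  return (boardId) => {
    const entry = config.get(boardId);
    if (!entry || !entry.botToken || !entry.channelId) return null;
    return { botToken: entry.botToken, channelId: entry.channelId };
  };
}

// Returns the messages that would be posted, without calling Slack.
function planNotifications(events, resolve) {
  const outbound = [];
  for (const event of events) {
    const target = resolve(event.boardId);
    if (target) outbound.push({ boardId: event.boardId, channelId: target.channelId, text: event.text });
  }
  return outbound;
}

const globalPlan = planNotifications(
  sampleEvents,
  resolveGlobal({ SLACK_BOT_TOKEN: 'xoxb-PLACEHOLDER-G', SLACK_CHANNEL_ID: 'C-GENERAL' })
);
const perBoardPlan = planNotifications(sampleEvents, resolvePerBoard(boardSlackConfig));
console.log(globalPlan.length, perBoardPlan.length);
```

With the global resolver the restricted board's event is queued for the shared channel; with the per-board resolver only the board that has a complete entry produces a message.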


@meltyshev commented on GitHub (Apr 21, 2024):

Hi! I was thinking about this too when I was accepting this PR. I think we at least need to add a comment to Slack env variables so that users pay attention to it. But of course it would be nice to be able to configure this for specific boards :)


@meltyshev commented on GitHub (May 14, 2025):

Should be resolved in v2 with the new notification settings.


Reference: starred/planka#481