Audit data is highly sensitive. Saying that all users on a project can view the audit data for that project has to be considered a security vulnerability. This being "the intended behavior" just means someone didn't think things through very well, not that it isn't a security vulnerability... and a bad one at that.
Audit data is highly sensitive. Saying that all users on a project can view the audit data for that project has to be considered a security vulnerability. This being "the intended behavior" just means someone didn't think things through very well, not that it isn't a security vulnerability... and a bad one at that.