Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
1. Create two Groups/Sites (Group A and Group B). Group B is private and has a private page
2. Create an announcment in private Group B.
3. Create an announcment in Group A
4. Create a User who is member of Group A and able to edit announcments. This user is no member of the private Group B.
5. Open the announcment from Group A with "Edit". In the URL you are able to edit the parameter "entryId" to the ID of the announcement from Group B.
You will get this announcmanet from Group B although you are not a member of Group B and you don't have any access rights.
Here is a short URL example:
Issue occurs on Trunk 42351a8 [ahead 3947] too.