diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77cad6222..e6e4e33d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Debug bar is only checked when the app is set to debug mode in the API session handler, rather than when it is in local mode to match the plugin settings.
 * Added validation to port allocations to prevent allocation of restricted or invalid ports.
 * Fix data integrity exception thrown when attempting to store updated server egg variables.
+* Added missing permissions check on 'SFTP Configuration' page to ensure user has permission to access a server's SFTP server before showing a user credentials.
 
 ### Changed
 * Panel now throws proper 504: Gateway Timeout errors on server listing when daemon is offline.
diff --git a/app/Http/Controllers/Server/Settings/SftpController.php b/app/Http/Controllers/Server/Settings/SftpController.php
index b128ba5c9..58b110bd3 100644
--- a/app/Http/Controllers/Server/Settings/SftpController.php
+++ b/app/Http/Controllers/Server/Settings/SftpController.php
@@ -16,9 +16,12 @@ class SftpController extends Controller
 *
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\View\View
+ *
+ * @throws \Illuminate\Auth\Access\AuthorizationException
 */
 public function index(Request $request): View
 {
+ $this->authorize('access-sftp', $request->attributes->get('server'));
 $this->setRequest($request)->injectJavascript();
 
 return view('server.settings.sftp');
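Review bot: The added `authorize()` call in `index()` passes `$request->attributes->get('server')` straight through, so if the middleware that populates that attribute did not run (a route registered without it, or a later refactor) the `access-sftp` callback receives `null` and whether that denies access depends on how the gate is defined rather than on an explicit check in this controller. I would fail closed before consulting the gate: `$server = $request->attributes->get('server');` / `abort_if($server === null, 403);` / `$this->authorize('access-sftp', $server);`, or alternatively make the gate callback reject a non-object argument. Putting the check ahead of `setRequest($request)->injectJavascript()` is the right order, since anything that call contributes to the page (presumably including the SFTP details the changelog mentions) is then never assembled for an unauthorized user. The closing brace of `index()` lies outside the hunk.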