Custom Query (2152 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (607 - 609 of 2152)

193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213
Ticket Resolution Summary Owner Reporter
#133 fixed Security hole - search package/group (WUI & REST) rgrp dread

Reported by dread, 5 years ago.
Description

Using WUI or REST interface you can search packages and groups without authorization being checked.

On the REST interface you can also read all the attributes of the packages using the 'all-fields' option.

Can be fixed using more advanced query to check authz.

#134 fixed admin interface is only available to sysadmins rgrp dread
#135 fixed sysadmins defined in the db rgrp dread
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213
Note: See TracQuery for help on using queries.