Custom Query (2152 matches)
Results (607 - 609 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#133 | fixed | Security hole - search package/group (WUI & REST) | rgrp | dread |
Description |
Using WUI or REST interface you can search packages and groups without authorization being checked. On the REST interface you can also read all the attributes of the packages using the 'all-fields' option. Can be fixed using more advanced query to check authz. |
|||
#134 | fixed | admin interface is only available to sysadmins | rgrp | dread |
#135 | fixed | sysadmins defined in the db | rgrp | dread |
Note: See TracQuery
for help on using queries.