Custom Query (2152 matches)
Results (712 - 714 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#133 | fixed | Security hole - search package/group (WUI & REST) | rgrp | dread |
Description |
Using WUI or REST interface you can search packages and groups without authorization being checked. On the REST interface you can also read all the attributes of the packages using the 'all-fields' option. Can be fixed using more advanced query to check authz. |
|||
#132 | fixed | Security hole - read package/group list (REST) | rgrp | dread |
Description |
Using REST interface you can list packages and groups without authorization being checked. Can be fixed using more advanced query to check authz. |
|||
#1585 | fixed | Security fix | dread | |
Description |
(details embargoed until 31/1/2012) |
Note: See TracQuery
for help on using queries.