Custom Query (2152 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (1438 - 1440 of 2152)

470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490
Ticket Resolution Summary Owner Reporter
#120 fixed Security audit dread dread

Reported by dread, 5 years ago.
Description

Look for all places where model is accessed and check authorization is checked.

Document holes (and, as necessary, suggestions for fixes) as new tickets. Likely areas that need looking at:

  • search i/f
  • package WUI commit

Write holes are obviously much more significant to us than read holes.

#1585 fixed Security fix dread

Reported by dread, 2 years ago.
Description

(details embargoed until 31/1/2012)

#132 fixed Security hole - read package/group list (REST) rgrp dread

Reported by dread, 5 years ago.
Description

Using REST interface you can list packages and groups without authorization being checked.

Can be fixed using more advanced query to check authz.

470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490
Note: See TracQuery for help on using queries.