Custom Query (2152 matches)

Results (1438 - 1440 of 2152)

Ticket Resolution Summary Owner Reporter
#120 fixed Security audit dread dread

Reported by dread, 5 years ago.

Description

Look for all places where the model is accessed and check that authorization is checked.

Document holes (and, as necessary, suggestions for fixes) as new tickets. Likely areas that need looking at:

  • search i/f
  • package WUI commit

Write holes are obviously much more significant to us than read holes.

#1585 fixed Security fix dread

Reported by dread, 2 years ago.

Description

(details embargoed until 31/1/2012)

#132 fixed Security hole - read package/group list (REST) rgrp dread

Reported by dread, 5 years ago.

Description

Using the REST interface, you can list packages and groups without authorization being checked.

Can be fixed using a more advanced query to check authz.
