Custom Query (2152 matches)
Results (2020 - 2022 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#134 | fixed | admin interface is only available to sysadmins | rgrp | dread |
#133 | fixed | Security hole - search package/group (WUI & REST) | rgrp | dread |
Description |
Using WUI or REST interface you can search packages and groups without authorization being checked. On the REST interface you can also read all the attributes of the packages using the 'all-fields' option. Can be fixed using more advanced query to check authz. |
|||
#132 | fixed | Security hole - read package/group list (REST) | rgrp | dread |
Description |
Using REST interface you can list packages and groups without authorization being checked. Can be fixed using more advanced query to check authz. |
Note: See TracQuery
for help on using queries.