id summary reporter owner description type status priority milestone component resolution keywords cc repo theme 132 Security hole - read package/group list (REST) dread rgrp "Using REST interface you can list packages and groups without authorization being checked. Can be fixed using more advanced query to check authz." defect closed minor ckan fixed