Ticket #132 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

Security hole - read package/group list (REST)

Reported by: dread
Owned by: rgrp
Priority: minor
Milestone:
Component: ckan
Keywords:
Cc:
Repository:
Theme:

Description

Using the REST interface, you can list packages and groups without authorization being checked.

Can be fixed using a more advanced query to check authz.

Change History

comment:1 Changed 4 years ago by dread

  • Status changed from new to closed
  • Resolution set to fixed

This was fixed before and now works.
