Ticket #494 (closed Defect: fixed)

Opened 7 years ago

Last modified 5 years ago

security issue

Reported by: JuergeN Owned by: jri
Priority: Major Milestone:
Component: DeepaMehta Standard Distribution Version: 4.1
Keywords: Cc:
Complexity: 3 Area:
Module:

Description

In Version 4.1 a user can add herself to any workspace. As admin I created a new workspace named 'test'. In test I created a new user named 'testuser'. Then I logged in as testuser and assigned myself to the DeepaMehta workspace. Then I had all permissions to create new users etc.

Change History

comment:1 Changed 7 years ago by dgf

  • Milestone set to Release 4.1.4

comment:2 Changed 7 years ago by jri

  • Milestone Release 4.1.4 deleted

comment:3 Changed 5 years ago by jri

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in DM 4.5.
Waterproof only in current DM 4.6-SNAPSHOT.

Note: See TracTickets for help on using tickets.