Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Critical
Fix Version/s: 3.0.14rc1, 3.2.11rc1, 3.4.5rc1, 4.0.0alpha1, 4.0 (plan)
Affects Version/s: 4.0.0alpha1
Component/s: Frontend (F)
Labels:
- scripts
- security

Sprint:
Sprint 19, Sprint 21, Sprint 22
Story Points:
0.5

Guest can open script execution link, for example /scripts_exec.php?hostid=10084&scriptid=1
So guest can change script and host ids to see confidential information, for example host ip

Thanks to vjaceslavs

Assignee:: Miks Kronkalns

Reporter:: Natalja Romancaka

Team:: Team A

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017 Aug 29 14:15

Updated:: 2024 Apr 10 16:55

Resolved:: 2017 Dec 27 10:33

Details

Description

Attachments

Activity

People

Dates