This page requires java-script to be enabled. Please adjust your browser-settings.
streber
PM
Login
|
Register
guest
Home
Your Tasks
Bookmarks
Efforts
Overall history
P
rojects
streber
People
Companies
S
earch:
streber
>
Tasks
|
Docu
|
Milestones
|
Versions
|
Files
|
History
Help
internal
>
notifications
> Bug
index.php?go=triggerSendNotifications: security issue
/
#6669
Move
Bookmark
Summary
For Milestone
v0.0803 - bug fixes
Status
open
Opened
Jul 7, 2008
Created
Jul 7, 2008
/
array
Modified
Jul 7, 2008
/
cody-somerville
View previous 2 versions
Assigned to
pixtur
Attached files
Attached files
No files uploaded
Issue report
Issue report
Severity
Major
Reproducibility
Always
Steps to reproduce
visit
yoursite/index.php?go=triggerSendNotifications
Expected result
If user have no notifications to send it shows a message: "Note: No news for <username>".
So using this link anybody can see all users in the system.
Company client can see all other clients etc.
Suggested Solution
Disable any output if logged user has no administrative rights.
Comment / Update
Add comment
Update
Comment
Details
(
Wiki format
)
Please copy the text