Confidential information: With quote button all users can see it #3990

Closed
rich20 opened this issue Jun 4, 2016 · 1 comment
@rich20 rich20 commented Jun 4, 2016

Steps to reproduce the issue

1. Write a confidential text and save
2. Log in as another user and click on quote

Expected result

No confidential information

Actual result

The confidential text is included
[Image: screenshot from 2016-06-04 17 47 53]

System information (as much as possible)

Joomla version: 3.5.1 and 3.6.0 Alpha-2
Kunena version: 4.0.10 , 4.0.11-DEV , 5.0.0-RC-DEV
Template: Blue Eagle and Crypsis
PHP version: 5.6
Database version:

Additional comments

@rich20 rich20 added this to the 5.0.0 milestone Jun 4, 2016
@rich20 rich20 added this to the 4.0.11 milestone Jun 4, 2016
@rich20 rich20 removed this from the 5.0.0 milestone Jun 4, 2016
@sozzled sozzled commented Jun 4, 2016

Oh my God! I just saw this. This means that anyone who is able to use the QUOTE feature can now see any "confidential" information posted by others! This is quite a security problem.

The most important target at this time is to fix this first for K 4.0. I will also check to see if K 3.0.8 is vulnerable.

EDIT: K 3.0.8 is not affected
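
In the report above, the quote action hands the confidential part of a post to a viewer who should not receive it. The following is an added example, not Kunena's code or its actual fix, of stripping that part on the server before the quote text is built; the `[confidential]` tag syntax, the function names and the `$viewerMayRead` flag are assumptions made for illustration.

```php
<?php
// Added example (not Kunena code). Assumes confidential text is wrapped in
// [confidential]...[/confidential] and that the caller has already decided
// whether the viewer may read it (hypothetical $viewerMayRead flag).

/** Remove confidential blocks from a raw message body, failing closed. */
function stripConfidential(string $message): string
{
    // Match innermost blocks only, so nested tags are peeled layer by layer.
    $pattern = '#\[confidential\](?:(?!\[confidential\]).)*?\[/confidential\]#is';
    do {
        $message = preg_replace($pattern, '', $message, -1, $count);
        if ($message === null) {
            return ''; // PCRE error: return nothing rather than the raw text
        }
    } while ($count > 0);

    // Unclosed opening tag: drop everything after it instead of leaking it.
    $pos = stripos($message, '[confidential]');
    if ($pos !== false) {
        $message = substr($message, 0, $pos);
    }
    // Remove any orphaned closing tags left behind.
    return str_ireplace('[/confidential]', '', $message);
}

/** Build the text that is pre-filled into the editor when "quote" is clicked. */
function buildQuoteBody(string $message, bool $viewerMayRead): string
{
    if (!$viewerMayRead) {
        $message = stripConfidential($message);
    }
    return '[quote]' . trim($message) . '[/quote]';
}

// Constructed sample post, including a nested and an unclosed block.
$post = "Server is up.\n"
      . "[confidential]outer [confidential]inner[/confidential] secret[/confidential]\n"
      . "See you.\n"
      . "[confidential]unclosed secret";

echo "Other user quotes:\n", buildQuoteBody($post, false), "\n\n";
echo "Authorized viewer quotes:\n", buildQuoteBody($post, true), "\n";
```

The filter runs where the quote text is generated, so the restricted text never reaches the other user's editor; hiding it only when the post is rendered would leave the quote path exposed.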
