Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Variable[View/Edit]Unscoped permissions don't comply with project scoping (CVE-2019-11632) #5529

Closed
TomPeters opened this issue May 1, 2019 · 3 comments
Assignees
Labels
area/security feature/permissions kind/bug This issue represents a verified problem we are committed to solving LTS/2019.3 This issue affects 2019.3 LTS tag/regression This issue was addressed and shipped, but subsequently broken in another release
Milestone

Comments

@TomPeters
Copy link

TomPeters commented May 1, 2019

This bug represents this issue in LTS 2019.3

@TomPeters TomPeters added kind/bug This issue represents a verified problem we are committed to solving area/security feature/permissions tag/regression This issue was addressed and shipped, but subsequently broken in another release labels May 1, 2019
@TomPeters TomPeters self-assigned this May 1, 2019
@TomPeters TomPeters added this to the 2019.3.2 milestone May 1, 2019
@TomPeters
Copy link
Author

@TomPeters
Copy link
Author

TomPeters commented May 1, 2019

Release Note: Fixed an access control bug where project scoping was not being applied for VariableViewUnscoped and VariableEditUnscoped permissions (CVE-2019-11632)

@TomPeters TomPeters changed the title (LTS 2019.3) Variable[View/Edit]Unscoped permissions don't comply with project scoping (LTS 2019.3) Variable[View/Edit]Unscoped permissions don't comply with project scoping (CVE-2019-11632) May 1, 2019
@TomPeters TomPeters added the LTS label May 1, 2019
@TomPeters TomPeters changed the title (LTS 2019.3) Variable[View/Edit]Unscoped permissions don't comply with project scoping (CVE-2019-11632) Variable[View/Edit]Unscoped permissions don't comply with project scoping (CVE-2019-11632) May 1, 2019
@michaelnoonan michaelnoonan added LTS/2019.3 This issue affects 2019.3 LTS and removed LTS labels May 2, 2019
@lock
Copy link

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area/security feature/permissions kind/bug This issue represents a verified problem we are committed to solving LTS/2019.3 This issue affects 2019.3 LTS tag/regression This issue was addressed and shipped, but subsequently broken in another release
Projects
None yet
Development

No branches or pull requests

2 participants