avatar picture can be accessed without any login #6389

Closed
localguru opened this issue Mar 17, 2017 · 4 comments

Comments

@localguru
Contributor

Rocket.Chat Version: 0.52.0

The avatar picture can be accessed without any login:

https://rc.domain.com/avatar/youruser

@MartinSchoeler
Contributor

Duplicate of #3480 and #3481

@localguru
Contributor Author

Why closed, if there is no solution? I think it's a security issue.

@JSzaszvari
Contributor

As @MartinSchoeler pointed out, it's a duplicate issue with a pull request provided in #3481 if you wish to fix it.

Many external apps and integrations rely on being able to access the avatar, and until there is a mechanism to do that through OAuth it's probably not really a priority for the RC team.

@localguru
Contributor Author

@JSzaszvari please reopen as this is a security issue and #3481 has been closed too, so there is no open ticket to this issue.
