-
-
Notifications
You must be signed in to change notification settings - Fork 959
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security bug: User is able to see language statistics even no role is granted #5673
Comments
This is documented behaviour: |
This issue looks more like a support question than an issue. We strive to answer these reasonably fast, but purchasing the support subscription is not only more responsible and faster for your business but also makes Weblate stronger. In case your question is already answered, making a donation is the right way to say thank you! |
thanks, but don't you think it's wrong to show those data? especially if you really want to keep your environment secure. |
If you don't want users to have access to any data in Weblate, don't let them register. Registered users will always be able to get some information from the service. The current scope is merely caused by implementation, and is documented. |
@tibormarchynzoom How do you think it is wrong to show that data? |
This issue has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
Describe the issue
When you have user which does not belong to any group, any role and does not have any permission, he is still able to navigate to
Languages -> Browse all languages
and see all currently used languages on Weblate server.I already tried
N/A
To Reproduce the issue
Languages -> Browse all languages
Expected behavior
Languages must not be listed
Screenshots
Exception traceback
N/A
Server configuration and status
Weblate 4.5.1
Weblate deploy checks
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered: