Merge pull request from GHSA-v642-mh27-8j6m
Due to insufficient access-level checks on the Wiki redirection page,
any user could reveal private Projects' names, by accessing wiki.php
with sequentially incremented IDs.

Fixes #32981, CVE-2023-44394
dregad committed Oct 14, 2023
1 parent 2cf945b commit 65c4488
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions wiki.php
@@ -43,11 +43,13 @@
if( $f_type == 'project' ) {
if( $f_id !== 0 ) {
project_ensure_exists( $f_id );
access_ensure_project_level( VIEWER, $f_id );
}

$t_url = wiki_link_project( $f_id );
} else {
bug_ensure_exists( $f_id );
access_ensure_bug_level( VIEWER, $f_id );
$t_url = wiki_link_bug( $f_id );
}

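Review bot: the new access_ensure_project_level( VIEWER, $f_id ) call sits inside the `if( $f_id !== 0 )` block, so a request with id 0 still falls through to wiki_link_project( $f_id ) with no access check; if 0 is intended as the "all projects" case that needs no per-project check, a one-line comment stating that would make the intent explicit for the next reader. Also, in both branches the existence check (project_ensure_exists / bug_ensure_exists) runs before the new access check, so a non-existent id and an existing-but-forbidden id can still fail differently; consider whether the access check should come first, or whether both failures should surface as the same error, so the fix closes id probing fully rather than only the name disclosure the commit message describes.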
