Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] ability to by-pass protection on photo edition #49

Closed
plegall opened this issue Mar 24, 2020 · 1 comment
Closed

[security] ability to by-pass protection on photo edition #49

plegall opened this issue Mar 24, 2020 · 1 comment
Assignees
@plegall
Labels
bug
Milestone
2.10.a

Comments

@plegall
Copy link
Owner

plegall commented Mar 24, 2020

CVE-2020-9468 reported by Zak S.

Further, a malicious user can modify the value of the 'image_id' parameter to any existing image id. There are no access controls to prevent a user from manipulating information on images that are in albums to which they do not have access.
@plegall plegall added the bug label Mar 24, 2020
@plegall plegall added this to the 2.10.a milestone Mar 24, 2020
@plegall plegall self-assigned this Mar 24, 2020
@plegall
Copy link
Owner Author

plegall commented Mar 24, 2020

Fixed on 453c9d0#diff-f6b85d15e4b70dbdd9e81f457d9df695L267

@plegall plegall closed this as completed Apr 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@plegall plegall

Labels
bug
Projects
None yet
Milestone
2.10.a
Development

No branches or pull requests
1 participant
@plegall