•  
      request #9504 Prevent spoofing of permission request message
    Infos
    #9504
    Thomas Gerbet (tgerbet)
    2016-09-22 17:27
    2016-09-19 11:17
    9775
    Details
    Prevent spoofing of permission request message
    Currently when a user can not access to a project or to the document manager, a message can be sent to the admins to request the permissions.
    The message can be manipulated and sent as an other user if the userId parameter of the form is manipulated.

    This issue was found by Mehmet Ince from PRODAFT.
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2016-09-22
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Integrated into Tuleap 8.19.99.21

    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2016-09-22
    User avatar
    Thomas Gerbet (tgerbet)2016-09-19 11:34
    A patch is under review: gerrit #6517.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from Under implementation to Under review