Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #8787 SVN access files are not updated when a binded user group is modified
    Actions
    Infos
    #8787
    Thomas Gerbet (tgerbet)
    2016-02-04 14:26
    2016-01-15 15:34
    8899
    Details
    SVN access files are not updated when a binded user group is modified

    SVN access files with binded user groups are not properly updated.

    Impact

    A user could still have the specific rights of a group when it have been removed or at the contrary does not have these specific rights.
    CVSS2 score: 3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N)
    CVSS3 score: 4.2 (3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

    Reproduction

    Create two projects: project1 and project2.

    In project1 add two users in a user group. In project2 create a binded user group to the user group you have created in project1.

    References

    https://cwe.mitre.org/data/definitions/269.html

    SCM/Subversion
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2016-01-22
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #8787

    Artifact Tracker v5

    rel #8700 8.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/95/4995/4' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 68638b7e9a
    User avatar Yannis ROSSETTO (rossettoy) , 2016-01-22 16:53
    request #8787: SVN access files are not updated when a binded user group is modified 68b7ca839b
    User avatar Thomas Gerbet (tgerbet) , 2016-01-22 11:41

    Release

    release #120
    Referenced by request #8787

    Other

    gerrit #4995
    Display settings

    Follow-ups

    User avatar
    Yannis ROSSETTO (rossettoy)2016-01-22 16:54
    Merged in Tuleap 8.10.99.31
    • Status changed from Under review to Closed
    • Close date set to 2016-01-22