Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #11331 Access rights on all administratives actions of Test Management plugin are not verified
    Actions
    Infos
    #11331
    Marie Ange Garnier (marieange)
    2018-06-06 11:00
    2018-03-29 14:32
    11663
    Details
    Access rights on all administratives actions of Test Management plugin are not verified

    Tuleap Test Management does not verify access rights before processing an administrative action.

    Impact

    It is possible for anyone able to access the the Tuleap instance to change any administrative settings of the Tuleap Test Management plugin.

    CVSSv3 score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

    References

    CWE-284

    Test Management
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-06-06
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #10995 Tuleap Releases 10.0 Delivered 2018-04-26 12:21 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #11331

    Git commit

    tuleap/tuleap/stable

    Merge "request #11331 Access rights on all administratives actions of Test Management plugin are not verified" ce751b3de7
    User avatar Yannis ROSSETTO (rossettoy) , 2018-03-31 11:28
    request #11331 Access rights on all administratives actions of Test Management plugin are not verified 44749ac059
    User avatar Marie Ange Garnier (marieange) , 2018-03-29 15:59
    Referenced by request #11331

    Artifact Tracker v5

    rel #10995 10.0

    Other

    gerrit #10925
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2018-06-06 11:00
    Issue has been fixed and backported.

    Closing and disclosing publicly.
    • Status changed from Under review to Closed
    • Close date set to 2018-06-06
    User avatar
    Thomas Gerbet (tgerbet)2018-03-29 15:20
    • Summary
      -TTM administrator page is accessible by anybody 
      +Access rights on all administratives actions of Test Management plugin are not verified 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Category set to Test Management
    • Reported in version set to All