request #12718 Repositories under the Enalean organization on GitHub have wikis writable to anyone

Infos

Artifact ID#12718

Submitted byThomas Gerbet (tgerbet)

Last Modified On2019-01-10 11:15

Submitted on2019-01-07 11:00

Rank13487

Details

Summary *

Repositories under the Enalean organization on GitHub have wikis writable to anyone

Original Submission

Multiple projects under the Enalean organization on GitHub (https://github.com/Enalean) are writable to anyone without any restrictions.

Impact

A malicious user could exploit this to tarnish the project's reputation or to phish users as the content found in these wikis could be considered as safe.

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2019-01-07

Attachments

AttachmentsEmpty

References

Cross references

References list is empty

Follow-ups

Thomas Gerbet (tgerbet)

2019-01-10 11:15

The reporter has revoked his/her consent to be credited for finding the issue, his/her name has been expunged from the artifact.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2019-01-07 11:09

Crediting XXXXXXXXXXXXXXXXX for the finding and report.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2019-01-07 11:07

Actions have been taken to fix the issue:
* wikis have been disabled
* permissions have been set to only allow members with push access to edit the wikis if they are enabled back one day

Status changed from Under implementation to Closed
Close date set to 2019-01-07

Public

Impact

Follow-ups