View Issue Details

ID: 0003886
Project: Composr
Category: stats
View Status: public
Last Update: 2019-09-26 02:43
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: Security-hole
Status: resolved
Resolution: fixed
Product Version: 10.0.28
Fixed in Version: 10.0.28
Summary: 0003886: Illicit stats access vulnerability via direct URL access
Description: The URLs to stats .svg graph files are predictable and not protected, meaning anyone may access the graph files.
Tags: No tags attached.
Time estimation (hours):
Sponsorship: open

Activities

Chris Graham

2019-09-25 02:03

administrator   ~0006097

This issue is fixed in https://gitlab.com/composr-foundation/composr/commit/8efd2ba863bd8c452039bf4174efbee91dd0ab8b - as it was discovered as a part of a review around issue 0003876.

Issue History

Date Modified Username Field Change
2019-09-25 02:03 Chris Graham New Issue
2019-09-25 02:03 Chris Graham Note Added: 0006097
2019-09-25 02:04 Chris Graham Assigned To => Chris Graham
2019-09-25 02:04 Chris Graham Status non-assigned => resolved
2019-09-25 02:04 Chris Graham Resolution open => fixed
2019-09-25 02:05 Chris Graham Product Version => 10.0.28
2019-09-25 02:05 Chris Graham Fixed in Version => 10.0.28
2019-09-25 02:05 Chris Graham Target Version => 10.0.28
2019-09-26 02:43 Chris Graham View Status private => public