View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003886 | Composr | stats | public | 2019-09-25 02:03 | 2020-06-23 16:23 |

| Field | Value |
|---|---|
| Reporter | Chris Graham |
| Assigned To | Chris Graham |
| Severity | Security-hole |
| Status | resolved |
| Resolution | fixed |
| Product Version | 10.0.28 |
| Fixed in Version | |
| Summary | 0003886: Illicit stats access vulnerability via direct URL access |
| Description | The URLs to stats .svg graph files are predictable and not protected, meaning anyone may access the graph files. |
| Tags | No tags attached. |
| Time estimation (hours) | |
| Sponsorship open | |

This issue is fixed in https://gitlab.com/composr-foundation/composr/commit/8efd2ba863bd8c452039bf4174efbee91dd0ab8b - as it was discovered as a part of a review around issue 0003876.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-09-25 02:03 | Chris Graham | New Issue | |
| 2019-09-25 02:03 | Chris Graham | Note Added: 0006097 | |
| 2019-09-25 02:04 | Chris Graham | Assigned To | => Chris Graham |
| 2019-09-25 02:04 | Chris Graham | Status | non-assigned => resolved |
| 2019-09-25 02:04 | Chris Graham | Resolution | open => fixed |
| 2019-09-25 02:05 | Chris Graham | Product Version | 11 alpha1 => 10.0.28 |
| 2019-09-25 02:05 | Chris Graham | Fixed in Version | 11 alpha1 => 10.0.28 |
| 2019-09-25 02:05 | Chris Graham | Target Version | 11 alpha1 => 10.0.28 |
| 2019-09-26 02:43 | Chris Graham | View Status | private => public |
| 2020-06-23 16:23 | Chris Graham | Fixed in Version | 10.0.28 => 11 alpha1 |
| 2020-06-23 16:23 | Chris Graham | Target Version | 10.0.28 => 11 alpha1 |