Project

General

Profile

Actions
Copy link

Defect #18159

closed

Security issue when using local repositories

Added by Luciano Silveira over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:

Description

Access to local repositories uses the system access rules. Since the system user used to run Redmine is unique, all local repositories must be accessible by this user. So, if a manager of one project knows the path to the repository of another project, he or she can configure a local repository for his/her own project using that path, obtaining reading access to that repository.

Related issues

Is duplicate of Redmine - Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repositoryClosed

Actions
Actions
Copy link
 #1

Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

Same as #10966.

Actions
Copy link
 #2

Updated by Jean-Philippe Lang over 9 years ago

  • Is duplicate of Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repository added
Actions
Copy link

Also available in: Atom PDF