Defect #5383: Redmine.pm auth vulnerability - Redmine

Actions

Copy link

Defect #5383

closed

Redmine.pm auth vulnerability

Added by Yar Isakov about 14 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

SCM

Target version:

Start date:

2010-04-26

Due date:

% Done:

100%

Estimated time:

Resolution:

Fixed

Affected version:

0.9.3

Description

Hello, I found that even if project is non-public, any user can see subversion storage of it through Redmine.pm. Also, if user was authenticated through LDAP, his permission was not checked (so he can checkout and/or commit to it). Here is my patch for these issues

Files

Download all files

redmine.pm.patch (1.05 KB) redmine.pm.patch		Yar Isakov, 2010-04-26 15:53
redmine.pm.patch (1.48 KB) redmine.pm.patch	fixed fix	Yar Isakov, 2010-04-26 21:08

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #5383

Redmine.pm auth vulnerability

Updated by Yar Isakov about 14 years ago

Updated by Holger Just almost 14 years ago

Updated by Bennet Pritchard over 12 years ago