Security Hole in Fine Grain Permission
|Reported by:||Richard Li||Owned by:||Christopher Lenz|
|Component:||version control/changeset view||Version:||0.8|
Description
I discovered a security hole in fine grain permission. When browsing a changeset containing changes the user is not authorized to access, the HTML-based diff output is dropped, but one thing is missing…
The availability to download the diff in other formats:
breaks the protection, giving access to the unauthorized information.
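
The flaw reported above, reduced to a minimal model as an added example (not Trac's code and not part of the original report): the HTML view filters changes per path while an alternate download format does not, and the fix routes every format through one authorization step. The `can_view` rule, the sample paths and all function names are hypothetical.

```python
from dataclasses import dataclass
from html import escape

@dataclass(frozen=True)
class Change:
    path: str
    diff: str

# Constructed sample changeset: one public file, one restricted file.
CHANGESET = [
    Change("trunk/public/readme.txt", "-old line\n+new line"),
    Change("trunk/private/keys.conf", "-token=aaa\n+token=bbb"),
]

def can_view(user, path):
    """Hypothetical fine-grained rule: only 'admin' may read trunk/private/."""
    return user == "admin" or not path.startswith("trunk/private/")

def authorized_changes(user, changes):
    """Single choke point: every output format receives only permitted changes."""
    return [c for c in changes if can_view(user, c.path)]

def render_html(user, changes):
    # The HTML view filters per path, so restricted diffs are dropped here.
    return "".join(f"<h2>{escape(c.path)}</h2><pre>{escape(c.diff)}</pre>"
                   for c in authorized_changes(user, changes))

def render_unified_vulnerable(user, changes):
    # Flaw: the alternate format serializes every change and never asks can_view().
    return "\n".join(f"--- {c.path}\n+++ {c.path}\n{c.diff}" for c in changes)

def render_unified_fixed(user, changes):
    # Same serializer, but fed only from the shared authorization step.
    return "\n".join(f"--- {c.path}\n+++ {c.path}\n{c.diff}"
                     for c in authorized_changes(user, changes))

def leaked_paths(user, changes, output):
    """Regression check: restricted paths that still appear in a rendered output."""
    return [c.path for c in changes
            if not can_view(user, c.path) and c.path in output]

if __name__ == "__main__":
    for name, fn in [("html", render_html),
                     ("unified (vulnerable)", render_unified_vulnerable),
                     ("unified (fixed)", render_unified_fixed)]:
        print(name, "->", leaked_paths("guest", CHANGESET, fn("guest", CHANGESET)))
```

Running `leaked_paths` against every registered output format in a test suite catches a new format that bypasses the shared filter.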