Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-6489

information leak in tag cloud - ignoring access rights

    Details

    • keywords:
      security, access rights
    • Development Priority:
      Low
    • Difficulty:
      Hard
    • Similar issues:

      Description

      The tag cloud shows the user all available tags.
      This includes tags for pages which the user has no view right.

      This exposes tags of "confidential pages" to the unregistered guest user.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                dirk@computer42.org H.-Dirk Schmitt
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Date of First Response: