Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-19997

Access information about modifications using the REST API that should not be accesible for unauthenticated users

    XMLWordPrintable

Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      It is possible to access information about content that is not visible for unauthenticated users by using the REST API. A XWiki instance that gives no information to the user using the web interface should do the same using the API. The response to the following request has information to modifications of content that is otherwise not visible:

      /xwiki/rest/wikis/xwiki/modifications?start=0&number=100000&date=1

       

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-22052 Lack of permission check during access to page information.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          links to

          Web Link Github Security advisory

          Activity

            People

              mleduc Manuel Leduc
              fhafner Fabian Hafner
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: