Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Blocker
Fix Version/s: 13.10.8, 14.4.3, 14.6
Affects Version/s: 8.1
Component/s: REST, Security
Labels:

Tests:

Unit
Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

It is possible to access information about content that is not visible for unauthenticated users by using the REST API. A XWiki instance that gives no information to the user using the web interface should do the same using the API. The response to the following request has information to modifications of content that is otherwise not visible:

/xwiki/rest/wikis/xwiki/modifications?start=0&number=100000&date=1

Attachments

Issue Links

links to

Github Security advisory

Activity

People

Assignee:: Manuel Leduc

Reporter:: Fabian Hafner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Jul/22 12:28

Updated:: 02/Apr/24 10:29

Resolved:: 19/Jul/22 09:33