Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-6489

information leak in tag cloud - ignoring access rights

    XMLWordPrintable

Details

    • security, access rights
    • Low
    • Hard

    Description

      The tag cloud shows the user all available tags.
      This includes tags for pages which the user has no view right.

      This exposes tags of "confidential pages" to the unregistered guest user.

      Attachments

        Issue Links

          Activity

            People

              mleduc Manuel Leduc
              dirk@computer42.org H.-Dirk Schmitt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: