Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-6489

information leak in tag cloud - ignoring access rights

    XMLWordPrintable

Details

    • security, access rights
    • Low
    • Hard

    Description

      The tag cloud shows the user all available tags.
      This includes tags for pages which the user has no view right.

      This exposes tags of "confidential pages" to the unregistered guest user.

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20002 Tags from non-viewable pages are returned from livetable results

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20002 Tags from non-viewable pages are returned from livetable results

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9069 Private document name leak in document index

          • Major - Major loss of function.
          • Closed

          Activity

            People

              mleduc Manuel Leduc
              dirk@computer42.org H.-Dirk Schmitt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: