Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-6489

information leak in tag cloud - ignoring access rights

    XMLWordPrintable

Details

    • security, access rights
    • Low
    • Hard

    Description

      The tag cloud shows the user all available tags.
      This includes tags for pages which the user has no view right.

      This exposes tags of "confidential pages" to the unregistered guest user.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9069 Private document name leak in document index

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              dirk@computer42.org H.-Dirk Schmitt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: