sindre
/
Beelance
关注 1
点赞 0
派生 0
代码 工单 6 合并请求 0 版本发布 0 百科 动态
标签 里程碑
创建工单

#10 Bypassing authorization

已关闭
sindre5 年前创建 · 0 条评论
sindre 评论于 5 年前

User privilege validation is mostly performed on the client side. In this case it allows outside users without project access to perform task-deliveries and accept tasks. This must be done by sending a plain HTTP request instead of interacting through the client web page.

User privilege validation is mostly performed on the client side. In this case it allows outside users without project access to perform task-deliveries and accept tasks. This must be done by sending a plain HTTP request instead of interacting through the client web page.
sindre 5 年前 添加了里程碑 Required fixes
sindre 添加了标签
broken access control
5 年前
sindre 添加了标签
bug
5 年前
sindre 添加了标签
webpy
5 年前
sindre5 年前 关闭
登陆 并参与到对话中。
分支/标记未指定
分支列表 标签列表
标签
清除选中标签
broken access control
Broken access control vulnerability broken authentication
Broken authentication vulnerability bug
Something is not working csrf
Cross site request forgery vulnerability enhancement
New feature injection
Injection vulnerability insecure deserialization
Insecure deserialization vulnerability known vulnerability
Using components with known vulnerabilities logging
Insufficient logging vulnerability nginx
Concerns nginx security misconfiguration
Security misconfiguration vulnerability sensitive data exposure
Sensitive data exposure vulnerability webpy
Concerns the webpy framework
未选择标签
broken access control
broken authentication
bug
csrf
enhancement
injection
insecure deserialization
known vulnerability
logging
nginx
security misconfiguration
sensitive data exposure
webpy
里程碑
取消选中里程碑
未选择里程碑
Required fixes
指派成员
取消指派成员
未指派成员
1 名参与者
到期时间

未设置到期时间。

依赖工单

此工单当前没有任何依赖。

撰写 预览
正在加载...
取消
保存
这个人很懒,什么都没留下。
删除分支 '%!s(MISSING)'

删除分支是永久的。此操作 无法 撤销,继续?

取消操作
确认操作