[#757] gitweb browsing w/o access control

Description

Summary:

Detailed description

Hi all,

I've been running FF5.0.1 for quite a while & my big bad surprise today is to discover that the following link gives access to all our GIT repositories belonging to either public or private projects & such even to non-logged-in users: http://mysite/plugins/scmgit/cgi-bin/gitweb

And the same thing also occurs on 'fusionforge.org' via 'http://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi'

For me, this is really a 'security' issue & hopefully there'll be a fix ASAP. Thx in advance. Regards

General Information
Submitted by: Chanh TRAN
Date Submitted: 2015-03-02 16:33
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2015-05-12 13:49
Permalink: https://fusionforge.org/tracker/a_follow.php/757
Internal Fields
Data Type: Bugs
Assigned to: Roland Mas (lolando)
State: Closed
Priority: 3
Extra Fields
Resolution: Fixed
Severity: critical
Target Release: 6.0
Found in Version: 5.3.2
Date: 2015-05-12 13:49
Sender: Sylvain Beucler

Confirmed fixed in 6.0.

Date: 2015-04-13 09:22
Sender: Roland Mas

This has been fixed for 6.0: gitweb now runs as the identity of the user making the request, so it has the same permissions.


Field            Old Value   Date               By
status_id        Open        2015-05-12 13:49   Sylvain Beucler
close_date       None        2015-05-12 13:49   Sylvain Beucler
assigned_to      none        2015-04-13 09:22   Roland Mas
Target Release   None        2015-04-13 09:22   Roland Mas
Resolution       None        2015-04-13 09:22   Roland Mas