[#938] Unauthorized download of project files possible

Description

Summary:

Detailed description

An authenticated user of the application can download uploaded files from other projects without being authorized to do so. The attacker cannot determine from which projects he downloads files, but the files may contain sensitive customer information or access data, for example.

General Information
Submitted by:
Ralf Habacker
Date Submitted: 2021-06-04 11:56
Last Modified by:
Ralf Habacker
Last Modified: 2021-06-04 11:56
Permalink: https://fusionforge.org/tracker/a_follow.php/938
Actions
Internal Fields
Data Type: Bugs
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Resolution:
none
Severity:
blocker
Target Release:
none
Found in Version:
5.0.3
Follow-up tabs

No comments have been posted

No attached documents

No related commits.

No changes have been made to this item

No relations found.