Closed
Bug 141557
Opened 22 years ago
Closed 22 years ago
allowuserdeletion security hole in edituser.cgi
Categories
(Bugzilla :: User Accounts, defect)
Tracking
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: cholmes, Assigned: myk)
Details
(Whiteboard: applied to 2.14.2)
Attachments
(2 files)
Attachment 81913, Patch v.1: patch, 768 bytes; review+ from myk (two reviews)
Attachment 83024, Backported patch for BUGZILLA-2_14_1-BRANCH: patch, 781 bytes; review+ from gerv (two reviews)
If I'm a user with the ability to edit other users then I have the ability to delete other users regardless of the allowuserdeletion parameter flag. I simply select a user, then change 'edit' to 'del' in the URL. This is due to two missing "exit;" lines in editusers.cgi. To find them do a search for "PutTrailer" in editusers.cgi - after every occurrence of PutTrailer (except the definition) there should be an exit on the next line. Cheers,
Updated•22 years ago
Group: security?
Comment 1•22 years ago
Fix, as suggested by reporter. I can confirm the bug, and that this fix prevents it. Gerv
Comment 2•22 years ago
Comment on attachment 81913 (Patch v.1): Yup, that's the fix. 2xr=myk
Attachment #81913 - Flags: review+
Comment 3•22 years ago
Fixed. cholmes@cs.umass.edu - thank you very much for reporting this :-) Checking in editusers.cgi; /cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v <-- editusers.cgi new revision: 1.35; previous revision: 1.34 done Gerv
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 4•22 years ago
This fix has been applied to b.m.o.
Comment 5•22 years ago
I just audited every instance of PutTrailer() in edit* - there are no other instances where exit; is missing. Gerv
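The rule the reporter states (every PutTrailer() call except the definition must be followed by exit;) and the sweep of edit* in comment 5, turned into an added Python audit script. This is not code from the page or from Bugzilla; the Perl fragment it scans is constructed for the example and only mimics the shape of editusers.cgi.

```python
import re

# Constructed Perl in the shape of editusers.cgi's action handlers (not the
# real file): 'edit' refuses and exits; 'del' prints its refusal and the
# trailer but falls through into the deletion, the defect in this report.
SAMPLE_CGI = r'''
sub PutTrailer {
    print "</body></html>\n";
}

if ($action eq 'edit') {
    unless (UserInGroup("editusers")) {
        print "Sorry, you aren't a member of the 'editusers' group.\n";
        PutTrailer();
        exit;
    }
    PutTrailer();
    exit;
}

if ($action eq 'del') {
    unless (Param("allowuserdeletion")) {
        print "Sorry, deleting users is not allowed.\n";
        PutTrailer();
    }
    print "Do you really want to delete $user?\n";
    PutTrailer();
    exit;
}
'''

CALL = re.compile(r'^\s*PutTrailer\s*\(\s*\)\s*;')  # a call site
DEF = re.compile(r'^\s*sub\s+PutTrailer\b')         # the definition, skipped
EXIT = re.compile(r'\bexit\s*;')

def missing_exits(source):
    """Return 1-based line numbers of PutTrailer() calls with no exit; on the
    same line or on the next non-blank, non-comment line."""
    lines = source.splitlines()
    flagged = []
    for i, line in enumerate(lines):
        if DEF.match(line) or not CALL.match(line) or EXIT.search(line):
            continue
        later = (l for l in lines[i + 1:]
                 if l.strip() and not l.lstrip().startswith('#'))
        if not EXIT.search(next(later, '')):
            flagged.append(i + 1)
    return flagged
```

Running `missing_exits(SAMPLE_CGI)` flags only the PutTrailer() inside the allowuserdeletion refusal, the spot where the fix adds exit;.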
Updated•22 years ago
Target Milestone: --- → Bugzilla 2.16
Comment 6•22 years ago
munging ccs
Comment 7•22 years ago
another short one!
Comment 8•22 years ago
Comment on attachment 83024 (Backported patch for BUGZILLA-2_14_1-BRANCH): 2xr=gerv. Gerv
Attachment #83024 - Flags: review+
Comment 9•22 years ago
Checked in on BUGZILLA-2_14_1-BRANCH.
Updated•22 years ago
Whiteboard: applied to 2.14.2
Comment 10•22 years ago
Adding representatives of the packagers to bugs that are going into the Bugzilla 2.14.2 security update
Comment 11•22 years ago
moving secure bugzilla/webtools bugs from mozilla security group to the new bugzilla security group.
Group: security? → webtools-security?
Updated•12 years ago
QA Contact: matty_is_a_geek → default-qa