Closed Bug 1466625 Opened 7 years ago Closed 7 years ago

can see the activity of other bug hunter by modifying in link

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: cyborg.gtp, Unassigned)

Details

Attachments

(1 file)

bugzilla.PNG
177.54 KB, image/png
Details
Attached image bugzilla.PNG
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20180430140610 Steps to reproduce: step 1: login to bugzilla.mozilla.org step 2: click on my activity step 3: in the url bar in wgo section change my email to other bug hunter email and it give me access to see their reports and i can generate it. Actual results: i can access the result and can see the data and generate reports. Expected results: i can't see other data/reports. it can't be bypassed the mail id.
You can also some someone's activity by entering their address into the "who" field at the top. This is intended behaviour. The activity of users on Bugzilla is public data, except where it involves confidential bugs, which are hidden from unauthorized users.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Group: bugzilla-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: