Bug 234825 (Closed): opened 21 years ago, closed 20 years ago

duplicates.cgi reveals products the user doesn't have access to

Categories

(Bugzilla :: Reporting/Charting, defect, P2)


RESOLVED FIXED
Bugzilla 2.16

People

(Reporter: gmillerd, Assigned: bugreport)

Details

(Whiteboard: [fixed in 2.16.6] [fixed in 2.18rc1])

Attachments

(2 files)

The line near 272 in duplicates v1.41:

    $vars->{'products'} = \@::legal_product;

... should be something akin to ...

    {
        my @tmp;
        # keep only the products the current user may enter
        foreach my $p (@::legal_product) {
            if (CanEnterProduct($p)) {
                push(@tmp, $p);
            }
        }
        $vars->{'products'} = \@tmp;
    }

Reproducible: Always

Steps to Reproduce:
visit duplicates.cgi

Actual Results:
all products in the system

Expected Results:
only products i have access to
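The general shape of the problem and the fix, as an added stand-alone illustration (not Bugzilla code and not the reporter's or the committed patch): a page that enumerates products must build the list per request from what the logged-in user may see, not hand the template the global product list. The product table, the group names and the `can_see_product` check are constructed for the example; Bugzilla's real visibility rules are not modelled.

```perl
#!/usr/bin/perl
# Added illustration, not Bugzilla code. Shows the unfiltered (leaking)
# product list next to one filtered by the requesting user's groups.
use strict;
use warnings;

# Constructed sample data (an assumption, not Bugzilla's schema):
# product name => group a user must belong to in order to see it
# ('' means the product is public).
my %product_group = (
    'Firefox'        => '',
    'Bugzilla'       => '',
    'SecretProject'  => 'secretproject-team',
    'Internal Tools' => 'staff',
);

# Global product list, the analogue of @::legal_product in the report.
my @legal_product = sort keys %product_group;

# Hypothetical visibility check: true if a user in @$user_groups may see $product.
sub can_see_product {
    my ($user_groups, $product) = @_;
    my $needed = $product_group{$product};
    die "unknown product '$product'" unless defined $needed;
    return 1 if $needed eq '';                      # public product
    return scalar grep { $_ eq $needed } @$user_groups;
}

# Vulnerable shape: every product goes to the template, whoever asks.
sub products_for_template_unfiltered {
    return [ @legal_product ];
}

# Fixed shape: only the products this user may see.
sub products_for_template {
    my ($user_groups) = @_;
    return [ grep { can_see_product($user_groups, $_) } @legal_product ];
}

# Demo: an anonymous visitor and a member of the 'staff' group.
for my $case ( [ 'anonymous', [] ], [ 'staff member', ['staff'] ] ) {
    my ($label, $groups) = @$case;
    printf "%-12s unfiltered: %s\n", $label,
        join(', ', @{ products_for_template_unfiltered() });
    printf "%-12s filtered:   %s\n", $label,
        join(', ', @{ products_for_template($groups) });
}
```

The anonymous run shows the leak: the unfiltered list names SecretProject and Internal Tools, the filtered one does not. The check that matters is keyed on the requesting user's own groups and is applied at the point where the list is assembled for the template, so every surface that enumerates products (reports and dropdowns included, not only bug pages) goes through the same per-user filter.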
Securing until triaged. Gerv
Group: webtools-security
Nominating for 2.18rc1 (shouldn't we be using flags?), because we seem to be fixing other bugs like this at the moment. Gerv
Whiteboard: [wanted for 2.18rc1]?
Confirming; I suspect Unconfirmed security bugs aren't on Dave's radar. Gerv
Status: UNCONFIRMED → NEW
Ever confirmed: true
Gerv: since you're confirming this, I assume you've reproduced it?
This affects the 2.16 branch as well
Attachment #143896 - Flags: review?(justdave)
Attached patch: Patch for 2.18
Attachment #143897 - Flags: review?(justdave)
Severity: normal → major
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Whiteboard: [wanted for 2.18rc1]? → [wanted for 2.16.6][wanted for 2.18rc1]
Target Milestone: --- → Bugzilla 2.18
Whiteboard: [wanted for 2.16.6][wanted for 2.18rc1] → [wanted for 2.16.6] [wanted for 2.18rc1]
Assignee: gerv → bugreport
Flags: blocking2.18+
Flags: blocking2.16.6+
Target Milestone: Bugzilla 2.18 → Bugzilla 2.16
Attachment #143896 - Flags: review?(justdave) → review+
Comment on attachment 143897: Patch for 2.18

>+my @selectable_products = GetSelectableProducts();
>+$vars->{'products'} = \@selectable_products;

This works, so I won't complain, but wouldn't it save an unnecessary variable if you do it like this:

    $vars->{'products'} = [ GetSelectableProducts() ];

?
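Review bot: the two quoted lines replace the global product list with whatever GetSelectableProducts() returns, and that function is not shown here, so the leak is only closed if it filters on the logged-in user's group membership rather than on some global property of the product; worth confirming that it is the same per-user check the other pages use, since comment 3 notes several bugs of this kind are being fixed at once and duplicates.cgi should not end up with a different notion of visibility. On the style point, the suggested one-liner `$vars->{'products'} = [ GetSelectableProducts() ];` is equivalent and avoids the throwaway array.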
Attachment #143897 - Flags: review?(justdave) → review+
holding approval for security advisory
Flags: approval?
Flags: approval2.16?
Whiteboard: [wanted for 2.16.6] [wanted for 2.18rc1] → [ready for 2.16.6] [ready for 2.18rc1]
Proposed wording for release notes: Duplicates.cgi can divulge the names of products to which the user is not supposed to have any access.
Flags: approval2.16? → approval2.16+
Flags: approval? → approval+
checked in on both branches
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Whiteboard: [ready for 2.16.6] [ready for 2.18rc1] → [fixed in 2.16.6] [fixed in 2.18rc1]
Clearing the security flag on disclosed bugs
Group: webtools-security
QA Contact: matty_is_a_geek → default-qa
