Closed
Bug 863585
Opened 12 years ago
Closed 12 years ago
Able to access Unauthorized Data of Mozilla's employees in http://people.mozilla.org
Categories
(Websites :: other.mozilla.org, defect)
Websites
other.mozilla.org
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: sriyanto4th, Unassigned)
Details
(Keywords: reporter-external)
Attachments
(1 file)
|
123.57 KB,
image/png
|
Details |
2.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130409194949
Steps to reproduce:
1. Googling for "site:people.mozilla.org"
2. It will results many Mozilla people
3. Click on any result that is like for example : "Index of /~mhommey - People of Mozilla"
Actual results:
Able to see an open file/folder of Mozilla employees by accessing :
http://people.mozilla.org/~(EmployeeName)/
Employee name can be searched used Google.
Expected results:
application should not displayed the data of the Mozilla employees.
And if user trying to access this page, application should prompted
"You are unauthorized to access this file"
|
||
Comment 1•12 years ago
|
||
people.mozilla.org is for Mozilla employees to upload random test stuff. It is not a site covered by the web bounty.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Component: Security → other.mozilla.org
Flags: sec-bounty-
Product: Mozilla Developer Network → Websites
Resolution: --- → INVALID
Version: other → unspecified
|
||
Updated•1 year ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•