Modify

Opened 8 years ago

Closed 8 years ago

#5827 closed defect (invalid)

Loophole breaches privacy of tickets

Reported by: jonathan.greene@… Owned by: Noah Kantrowitz
Priority: high Component: PrivateTicketsPlugin
Severity: blocker Keywords:
Cc: Trac Release: 0.11

Description

I am using the TracPrivateTickets plugin version 2.0.2 with Trac 0.11. After generating a report of open tickets, a user sees on the web page only the tickets he is properly authorized to see. However if the user clicks the link at the bottom of the report to "Download in other formats", e.g. as a csv file, the downloaded file will include all tickets, even those the user is not authorized to see!

This breach compromises the privacy of the private tickets, which is after all the purpose of this plugin!

Attachments (0)

Change History (1)

comment:1 Changed 8 years ago by Noah Kantrowitz

Resolution: invalid
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Noah Kantrowitz.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.