Opened 15 years ago
Last modified 4 years ago
#6152 new defect
User can modify members for other modules — at Version 1
Reported by: | Owned by: | Kis Gergely | |
---|---|---|---|
Priority: | highest | Component: | SvnAuthzAdminPlugin |
Severity: | critical | Keywords: | |
Cc: | Trac Release: | 0.11 |
Description (last modified by )
If:
- User is authenticated against a project (projA)
- User has TRAC_ADMIN Access for projA
- User enters a path for another project with the following structure:
http://svn/<trac_context>/projA/admin/subversion/svnauthz/editpath/projB%3A/ - User adds a path member to / -> axton
Then member axton will have access to module:path
Note: See
TracTickets for help on using
tickets.