Opened 15 years ago

Last modified 4 years ago

#6152 new defect

User can modify members for other modules — at Version 1

Reported by: axton.grams@… Owned by: Kis Gergely
Priority: highest Component: SvnAuthzAdminPlugin
Severity: critical Keywords:
Cc: Trac Release: 0.11

Description (last modified by Michael Renzmann)

If:

  1. User is authenticated against a project (projA)
  2. User has TRAC_ADMIN Access for projA
  3. User enters a path for another project with the following structure:
    http://svn/<trac_context>/projA/admin/subversion/svnauthz/editpath/projB%3A/
  4. User adds a path member to / -> axton

Then member axton will have access to module:path

Change History (1)

comment:1 Changed 15 years ago by Michael Renzmann

Description: modified (diff)
Note: See TracTickets for help on using tickets.