View Revisions: Issue #27039

Summary 0027039: CVE-2020-25781: Access to private bug note attachments
Revision 2020-09-09 04:09 by dregad
Steps To Reproduce

Create user1, who has public access to the project and can download attachments of a public issue/bug note.
Create user2, who has any access to the same project and can create a private bug note with attachments.
As user1, try to download the private bug note attachment created by user2 using a direct link (/file_download.php?file_id={FILE_ID}&type=bug).
User1 can do file ID substitution in order to determine available files.

Revision 2020-06-16 05:08 by pijama
Steps To Reproduce

Create user1, who has public access to the project and can download attachments of a public issue/bug note.
Create user2, who has any access to the same project and can create a private bug note with attachments.
As user1, try to download the private bug note attachment created by user2 using a direct link (/file_download.php?file_id={FILE_ID}&type=bug).
User1 can do file ID substitution in order to determine available files.
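
The access-control gap these steps exercise, shown as an added PHP model that is not MantisBT code: a download check that stops at issue-level access, beside one that also checks the view state of the bug note the attachment belongs to and answers "forbidden" and "no such file" identically. All function names, fields and records are hypothetical and constructed for illustration.

```php
<?php
// Constructed model of an attachment download check; not MantisBT source.
// Every name, field and record below is hypothetical sample data.
const NOTES = [   // bugnote_id => parent issue, view state, author
    10 => ['bug_id' => 1, 'private' => false, 'reporter' => 'user2'],
    11 => ['bug_id' => 1, 'private' => true,  'reporter' => 'user2'],
];
const FILES = [   // file_id => owning issue and, if any, owning bug note
    100 => ['bug_id' => 1, 'bugnote_id' => 10],
    101 => ['bug_id' => 1, 'bugnote_id' => 11],
    102 => ['bug_id' => 1, 'bugnote_id' => null],
];
const USERS = [
    'user1' => ['bugs' => [1], 'see_private_notes' => false],
    'user2' => ['bugs' => [1], 'see_private_notes' => false],
];

// Assumption: a private note is visible to its author and to privileged users.
function can_view_note(string $user, array $note): bool {
    return !$note['private'] || USERS[$user]['see_private_notes'] || $note['reporter'] === $user;
}

// Issue-level check only: the behaviour the reproduction steps describe.
function status_issue_only(string $user, int $file_id): int {
    $file = FILES[$file_id] ?? null;
    if ($file === null) return 404;
    return in_array($file['bug_id'], USERS[$user]['bugs'], true) ? 200 : 403;
}

// Note-aware check: an attachment inherits the visibility of its bug note.
// Denied and nonexistent IDs both return 404, so stepping through file_id
// values does not reveal which IDs exist.
function status_note_aware(string $user, int $file_id): int {
    $file = FILES[$file_id] ?? null;
    if ($file === null) return 404;
    if (!in_array($file['bug_id'], USERS[$user]['bugs'], true)) return 404;
    if ($file['bugnote_id'] !== null) {
        $note = NOTES[$file['bugnote_id']] ?? null;
        if ($note === null || !can_view_note($user, $note)) return 404;
    }
    return 200;
}

foreach ([100, 101, 102, 999] as $id) {   // compare both checks for user1
    printf("file_id=%d issue-only=%d note-aware=%d\n", $id,
        status_issue_only('user1', $id), status_note_aware('user1', $id));
}
```

A regression test for this class of bug requests a private-note attachment as a user without private-note access and asserts the response matches the one for a nonexistent file_id.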