ID: 0034491
Type: defect
Category: [Openbravo ERP] A. Platform
Severity: minor
Reproducibility: always
Date Submitted: 2016-11-14 13:24
Last Update: 2022-02-01 08:05
Reporter: caristu
View Status: public
Assigned To: Triage Platform Base
Priority: high
Resolution: open
Fixed in Version:
Status: acknowledged
Fix in branch:
Fixed in SCM revision:
Projection: none
ETA: none
Target Version:
OS: Any
Database: Any
Java version:
OS Version:
Database version:
Ant version:
Product Version:
SCM revision:
Review Assigned To: AugustoMauch
Web browser:
Modules: Core
Regression level:
Regression date:
Regression introduced in release:
Regression introduced by commit:
Triggers an Emergency Pack: No
Summary

0034491: Review access for DeleteImageActionHandler class

Description: It is possible to delete images different from the most recently added one if they are accessible by the client and organization of the login context.

Steps To Reproduce: In description

Proposed Solution: The DeleteImageActionHandler should not delete any image but the ones created and dropped during record creation (see issue 0026253)

Tags: security

Attached Files:

- Relationships
related to defect 0026253 | 3.0PR14Q3 | closed | guillermogil | Trash button in product window, image field is not removing the image from database
related to defect 0041748 | closed | cberner | DeleteImageActionHandler is vulnerable to CSRF attacks

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2016-11-14 13:24 caristu New Issue
2016-11-14 13:24 caristu Assigned To => platform
2016-11-14 13:24 caristu Modules => Core
2016-11-14 13:24 caristu Triggers an Emergency Pack => No
2016-11-14 13:24 caristu Relationship added related to 0034490
2016-11-14 13:30 caristu Steps to Reproduce Updated
2016-11-14 13:30 caristu Proposed Solution updated
2016-11-14 13:30 caristu Relationship added related to 0026253
2016-11-14 13:30 caristu Proposed Solution updated
2016-11-14 13:31 caristu Description Updated
2016-11-14 13:31 caristu File Added: curlDeleteImage.txt
2016-11-14 13:47 caristu Steps to Reproduce Updated
2016-11-14 17:50 caristu Summary [clustering] DeleteImageActionHandler is unsecure => [clustering] Review access for DeleteImageActionHandler class
2016-11-14 17:50 caristu Description Updated
2016-11-14 17:50 caristu Steps to Reproduce Updated
2016-11-14 17:58 caristu File Deleted: curlDeleteImage.txt
2016-11-15 11:14 caristu Summary [clustering] Review access for DeleteImageActionHandler class => Review access for DeleteImageActionHandler class
2016-11-16 16:39 alostale Relationship deleted related to 0034490
2016-12-01 12:18 alostale Status new => acknowledged
2016-12-01 14:03 alostale Priority normal => high
2016-12-16 14:45 caristu Tag Attached: security
2019-08-23 13:55 cberner Assigned To platform => cberner
2019-08-27 09:28 cberner Status acknowledged => scheduled
2019-08-27 09:28 cberner Review Assigned To => AugustoMauch
2019-08-28 08:09 cberner Status scheduled => acknowledged
2019-09-04 12:43 cberner Relationship added related to 0041748
2019-12-26 11:48 cberner Assigned To cberner => platform
2022-02-01 08:05 alostale Assigned To platform => Triage Platform Base

