Actions
Defect #5383
closedRedmine.pm auth vulnerability
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
SCM
Target version:
-
Start date:
2010-04-26
Due date:
% Done:
100%
Estimated time:
Resolution:
Fixed
Affected version:
Description
Hello, I found that even if project is non-public, any user can see subversion storage of it through Redmine.pm. Also, if user was authenticated through LDAP, his permission was not checked (so he can checkout and/or commit to it). Here is my patch for these issues
Files
Actions