Tellier Benoit created MAILBOX-219:
--------------------------------------

             Summary: A user with any right on a mailbox gets full rights on 
the given mailbox.
                 Key: MAILBOX-219
                 URL: https://issues.apache.org/jira/browse/MAILBOX-219
             Project: James Mailbox
          Issue Type: Bug
          Components: api
    Affects Versions: 0.5
         Environment: James uses binary operation code in order to store user's 
ACL on a single int.

This was buggy as an OR was used to see if the user has a given right. An AND 
should have been used.

So, as a consequence, setting any right to a user gives him full rights on the 
given mailbox, which is a major security issue.

All mailbox implementations are affected.

            Reporter: Tellier Benoit






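The OR-versus-AND mistake described in the report, shown as an added example; it is not James Mailbox code and not from the reporter. The right names, bit values and the exact form of the buggy check are assumptions made for illustration.

```java
// Added illustration: names and bit values are hypothetical, not James Mailbox code.
public class AclBitmaskDemo {
    // One bit per right, packed into a single int (constructed values).
    static final int LOOKUP = 1, READ = 1 << 1, WRITE = 1 << 2, DELETE = 1 << 3, ADMINISTER = 1 << 4;
    static final int[] ALL = {LOOKUP, READ, WRITE, DELETE, ADMINISTER};
    static final String[] NAMES = {"LOOKUP", "READ", "WRITE", "DELETE", "ADMINISTER"};

    // Assumed form of the mistake: OR copies the requested bit into the result,
    // so the result is non-zero for every right, whatever was granted.
    static boolean hasRightBuggy(int granted, int right) {
        return (granted | right) != 0;
    }

    // AND keeps only the bits set in both operands; comparing with `right`
    // also makes a multi-bit request require every requested bit.
    static boolean hasRightFixed(int granted, int right) {
        return (granted & right) == right;
    }

    // Regression check: for every possible grant set and every single right,
    // the decision must agree with an independent bit-by-bit reference.
    static int countWrongDecisions(boolean buggy) {
        int wrong = 0;
        for (int granted = 0; granted < (1 << ALL.length); granted++) {
            for (int i = 0; i < ALL.length; i++) {
                boolean expected = ((granted >> i) & 1) == 1;
                boolean actual = buggy ? hasRightBuggy(granted, ALL[i]) : hasRightFixed(granted, ALL[i]);
                if (actual != expected) wrong++;
            }
        }
        return wrong;
    }

    public static void main(String[] args) {
        int granted = LOOKUP; // user was given a single right
        for (int i = 0; i < ALL.length; i++) {
            System.out.printf("%-10s buggy=%-5b fixed=%b%n", NAMES[i],
                    hasRightBuggy(granted, ALL[i]), hasRightFixed(granted, ALL[i]));
        }
        System.out.println("wrong decisions, OR check:  " + countWrongDecisions(true));
        System.out.println("wrong decisions, AND check: " + countWrongDecisions(false));
    }
}
```

An exhaustive loop over all grant sets, like `countWrongDecisions`, is cheap for a single-int ACL and makes a useful unit test for any rights check of this kind.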