[jira] Commented: (JSPWIKI-645) RecentChanges plugin shows pages, for which the user has no access

Gergely Kontra (JIRA) Fri, 09 Apr 2010 07:48:14 -0700

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12855418#action_12855418
 ]


Gergely Kontra commented on JSPWIKI-645:
----------------------------------------

Disagree. Then close as WontFix, but it is a valid security issue IMHO

> RecentChanges plugin shows pages, for which the user has no access
> ------------------------------------------------------------------
>
>                 Key: JSPWIKI-645
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-645
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Plugins
>    Affects Versions: 2.8.3
>         Environment: Windows xp, tomcat6
>            Reporter: Gergely Kontra
>            Priority: Minor
>
> Any user can include the text [{INSERT 
> com.ecyrd.jspwiki.plugin.RecentChangesPlugin}] into a page, and see notes of 
> page editings (and who and when edited) for those pages, which he/she could 
> not even have the right to see.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-645) RecentChanges plugin shows pages, for which the user has no access

Reply via email to