http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612
Bug ID: 11612
Summary: 404 error page for Intranet may leak information
Change sponsored?: ---
Product: Koha
Version: 3.14
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Staff Client
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Navigating to a non-existent page on the intranet site (e.g.
https://demo-admin.calyx.net.au/test) allows an unauthenticated user to see the
top nav bar. If an administrator uses the IntranetNav configuration option to add
links to the NavBar, those links will be displayed to unauthenticated users.
I do not believe any part of the staff client should be visible to
unauthenticated users. Administrators might assume no part of it is visible
since the login screen completely hides the regular staff interface.
Tested on Debian with Koha 3.14.
Isaac
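
A regression check for the behaviour reported above, added here as an example and not part of the original report or of Koha's code: it compares the links an administrator configured in IntranetNav with the links present in the body served for a non-existent staff-client URL to a client with no session. It assumes the IntranetNav value is HTML containing `<a>` tags; the function names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser


class _HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag fed to it."""

    def __init__(self):
        super().__init__()
        self.hrefs = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.add(value.strip())


def extract_hrefs(html):
    """Return the set of link targets found in an HTML fragment or page."""
    parser = _HrefCollector()
    parser.feed(html)
    parser.close()
    return parser.hrefs


def leaked_nav_links(intranet_nav_html, unauth_404_body):
    """Return the IntranetNav links that also appear in the 404 body
    served to an unauthenticated client (empty list means no leak)."""
    return sorted(extract_hrefs(intranet_nav_html) & extract_hrefs(unauth_404_body))


# Constructed sample data (assumption: IntranetNav holds HTML anchors).
SAMPLE_INTRANET_NAV = (
    '<a href="https://wiki.example.org/staff">Staff wiki</a> '
    '<a href="https://hr.example.org/">HR portal</a>'
)
# Constructed 404 body that still renders the staff nav bar.
SAMPLE_404_LEAKY = (
    "<html><body><div>" + SAMPLE_INTRANET_NAV + "</div>"
    "<h1>404</h1><a href='/'>Log in</a></body></html>"
)
# Constructed 404 body with no staff navigation.
SAMPLE_404_CLEAN = "<html><body><h1>404</h1><a href='/'>Log in</a></body></html>"

if __name__ == "__main__":
    for label, body in (("leaky", SAMPLE_404_LEAKY), ("clean", SAMPLE_404_CLEAN)):
        print(label, leaked_nav_links(SAMPLE_INTRANET_NAV, body))
```

To use it against a real installation, pass the current IntranetNav value and the response body of a non-existent intranet path requested without a session cookie.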