** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000155
https://bugs.launchpad.net/bugs/1600069

Title:
  See other's profile images one is not meant to

Status in Mahara:
  Fix Released
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released

Bug description:
  As part of the follow on from this bug:
  https://bugs.launchpad.net/mahara/+bug/1211758

  I notice that it is possible to see profile images of other users that one isn't meant to.

  Demo:
  Log in as User A and upload two profile icons - set one to be default.
  Make note of the artefact IDs.

  Log in as User B, then go to the URL:
  thumb.php?type=profileiconbyid&maxwidth=150&id=[id from above]

  You should only be allowed to see the icon that is set to the default icon, but you can see both.
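Added example (not Mahara's code and not part of the original bug notification): the access rule the report expects for `thumb.php?type=profileiconbyid`, written next to the reported behaviour, with a small regression check that lists every icon served beyond that rule. The data layout, all function names, and the assumption that owners may always view their own icons are hypothetical.

```php
<?php
// Constructed sample data (not Mahara's schema): artefact id => owner,
// plus each user's chosen default profile icon.
$icons = [
    101 => ['owner' => 'userA'],
    102 => ['owner' => 'userA'],
];
$defaultIcon = ['userA' => 101];

// Behaviour described in the report: any logged-in user gets any icon by id.
function can_view_icon_reported(array $icons, array $defaultIcon, string $viewer, int $id): bool
{
    return isset($icons[$id]);
}

// Rule the report expects: other users may only see the owner's default icon.
// Assumption (not stated in the report): owners may always see their own icons.
function can_view_icon_expected(array $icons, array $defaultIcon, string $viewer, int $id): bool
{
    if (!isset($icons[$id])) {
        return false;
    }
    $owner = $icons[$id]['owner'];
    if ($viewer === $owner) {
        return true;
    }
    return ($defaultIcon[$owner] ?? null) === $id;
}

// Regression check: every (viewer, id) pair a handler serves although the
// expected rule denies it. An empty result means no over-exposure.
function over_exposed(callable $check, array $icons, array $defaultIcon, array $viewers): array
{
    $leaks = [];
    foreach ($viewers as $viewer) {
        foreach (array_keys($icons) as $id) {
            if ($check($icons, $defaultIcon, $viewer, $id)
                && !can_view_icon_expected($icons, $defaultIcon, $viewer, $id)) {
                $leaks[] = "$viewer:$id";
            }
        }
    }
    return $leaks;
}

$viewers = ['userA', 'userB'];
print_r(over_exposed('can_view_icon_reported', $icons, $defaultIcon, $viewers));
print_r(over_exposed('can_view_icon_expected', $icons, $defaultIcon, $viewers));
```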

