1760: Security issue: media folder is opened for file browsing
- NotABug
- Review Board
yer***@gmai***** (Google Code)
Aug. 11, 2010
What version are you running?
1.5 RC1

What's the URL of the page containing the problem?
http://demo.reviewboard.org/media/

What steps will reproduce the problem?
1. Click http://demo.reviewboard.org/media/
2. View file information which is usually secure

What is the expected output? What do you see instead?
EXPECTED: redirect to main page or HTTP Error 401 Unauthorized

What operating system are you using? What browser?
generic

Please provide any additional information below.
These are all public files, and the browser needs access to them. Offering file browsing isn't a problem. If there were any private files in here, I'd agree, but I'm not sure what about this is a security problem. If an administrator wants to turn off file browsing, that's easy to do in their install, but isn't a Review Board issue.
-
+ NotABug