Skip to content
Snippets Groups Projects
Commit 2d240fc3 authored by Holger Just's avatar Holger Just
Browse files

[#709] Fix cache poisoning vector if credential caching is enabled. 

The cache did not distinguish between cached credentials for read and write
access. As it does not check permissions again if there is a cache hit, users
with authorization for either reading or writing could poison the cache and
subsequently authorize themselves for both access types.

Original fix is by Jean-Philippe Lang, http://www.redmine.org/issues/9567
parent b2bbc1cb
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 3 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment