View Issue Details

IDProjectCategoryView StatusLast Update
0000055CaseTalk ManagerApplicationpublic2012-02-02 13:08
ReporterRon Nagtegaal 
Assigned ToBCP Software 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version1.0.5 
Summary0000055: Security/Authorisation leak
DescriptionProjectmembers who are authorised as guest, can remove and add projectmembers. This allows them to upgrade their authorization level.
Additional InformationThe functions to change roles are disabled as it should be.
TagsNo tags attached.

Relationships

Activities

BCP Software

BCP Software

2012-02-02 13:04

administrator   ~0000032

Membership window now also disabled the 'add' and 'delete' buttons for project membership if the current user has no permission to do so.

Issue History

Date Modified Username Field Change
2012-02-02 10:02 Ron Nagtegaal New Issue
2012-02-02 12:51 BCP Software Assigned To => BCP Software
2012-02-02 12:51 BCP Software Status new => assigned
2012-02-02 13:04 BCP Software Note Added: 0000032
2012-02-02 13:04 BCP Software Status assigned => resolved
2012-02-02 13:04 BCP Software Resolution open => fixed
2012-02-02 13:07 BCP Software Description Updated View Revisions
2012-02-02 13:07 BCP Software Additional Information Updated View Revisions
2012-02-02 13:07 BCP Software Project ProRail => CaseTalk Manager
2012-02-02 13:08 BCP Software Category General => Application
2012-02-02 13:08 BCP Software Fixed in Version => 1.0.5
2012-02-02 13:08 BCP Software Summary Beveiliging/autorisatieslek => Security/Authorisation leak