Security vulnerability in bugs and answers
Hello, This was actually pointed out to me by one of my users. The bugs and answers modules allows anyone to edit the status, description, assignee and more. All the user has to do is signup using some fake account (like i did) and go to a bug/question and they have the same amount of access as the assignee or person posting the bug/question would. If they try to change anything in a blueprint then it says access is denied. Can someone please fix this so that only people that are subscribed to a bug/question can edit it or so that they have to be approved assignee before editing it. As you can see on this question (https:/
As you can see I am able to edit this question even though I am not at all related to this question!
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Nick
- Solved:
- Last query:
- Last reply: