Uploaded image for project: 'GeoServer'
  1. GeoServer
  2. GEOS-8041

GWC Data Security Vulnerability

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Highest
    • Resolution: Fixed
    • Affects versions: 2.10.2, 2.11-RC1
    • Fix versions: 2.10.4, 2.11.1
    • Components: GWC, Vulnerability
    • Labels:
      None
    • Environment:

      Ubuntu 14.04 / Jetty

      Description

      It's possible to request data a user has not be granted to. It violates the Statement in docs "It is only possible to request a tile within a bounding box that is fully accessible."

      I will provide further details per mail on request.

        Attachments

          Activity

            People

            • Assignee:
              ksmith Kevin Smith [Administrator]
              Reporter:
              simon.hofer Simon Hofer
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: