GWC Data Security Vulnerability

Description

It's possible to request data a user has not be granted to. It violates the Statement in docs "It is only possible to request a tile within a bounding box that is fully accessible."

I will provide further details per mail on request.

Environment

Ubuntu 14.04 / Jetty

Status

Assignee

Kevin Smith [Administrator]

Reporter

Simon Hofer

Triage

None

Fix versions

2.10.4

2.11.1

Affects versions

2.11-RC1

2.10.2

Components

GWC

Vulnerability

Priority

Highest