summary

GWC Data Security Vulnerability

Description

It's possible to request data a user has not be granted to. It violates the Statement in docs "It is only possible to request a tile within a bounding box that is fully accessible."

I will provide further details per mail on request.

Environment

Ubuntu 14.04 / Jetty

Assignee

Kevin Smith [Administrator]

Reporter

Simon Hofer

Triage

None

Fix versions

2.11.1

2.10.4

Affects versions

2.10.2

2.11-RC1

Components

GWC

Vulnerability

Priority

Highest

Configure