| Título | theonedev onedev 15.05 BOPLA |
|---|
| Descripción | Issue 05 — Unauthorized Exposure of Time-Tracking Information via Issue REST APIs
Risk Summary
Issue time-tracking information appears to be exposed through REST APIs to users who may access the issue itself, even when those users do not possess dedicated time-tracking visibility permission.
Exposed information includes both aggregated time statistics and detailed work-log entries. |
|---|
| Fuente | ⚠️ https://www.cnblogs.com/aibot/p/19994142 |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2026-05-08 08:31 (hace 1 mes) |
|---|
| Moderación | 2026-06-06 00:21 (29 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 369021 [theonedev hasta 15.0.5 Pull Request /issues/ canAccessIssue issue escalada de privilegios] |
|---|
| Puntos | 19 |
|---|