| 标题 | theonedev onedev 15.05 BOPLA |
|---|
| 描述 | Issue 05 — Unauthorized Exposure of Time-Tracking Information via Issue REST APIs
Risk Summary
Issue time-tracking information appears to be exposed through REST APIs to users who may access the issue itself, even when those users do not possess dedicated time-tracking visibility permission.
Exposed information includes both aggregated time statistics and detailed work-log entries. |
|---|
| 来源 | ⚠️ https://www.cnblogs.com/aibot/p/19994142 |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2026-05-08 08時31分 (1 月前) |
|---|
| 管理 | 2026-06-06 00時21分 (29 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 369021 [theonedev 直到 15.0.5 Pull Request /issues/ canAccessIssue issue 权限提升] |
|---|
| 积分 | 19 |
|---|