diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 18:58:04 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 18:58:04 +0200 |
commit | 811987d677a4117f09b032e3935aff9accdc133d (patch) | |
tree | d26d58e0f7bd7b41ad86b3cf7c2e8c75a1972c90 /buglist.cgi | |
parent | Bug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by... (diff) | |
download | bugzilla-811987d677a4117f09b032e3935aff9accdc133d.tar.gz bugzilla-811987d677a4117f09b032e3935aff9accdc133d.tar.bz2 bugzilla-811987d677a4117f09b032e3935aff9accdc133d.zip |
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/buglist.cgi b/buglist.cgi index 79bf94381..885e50478 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -95,16 +95,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") { $cgi->param('ctype', "atom"); } -# The js ctype presents a security risk; a malicious site could use it -# to gather information about secure bugs. So, we only allow public bugs to be -# retrieved with this format. -# -# Note that if and when this call clears cookies or has other persistent -# effects, we'll need to do this another way instead. -if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) { - Bugzilla->logout_request(); -} - # An agent is a program that automatically downloads and extracts data # on its user's behalf. If this request comes from an agent, we turn off # various aspects of bug list functionality so agent requests succeed |