[SECURITY] 4 Broken Access Control Vulnerabilities #4593
Comments
I've sent an email for each of the 4 vulns :)
Thanks for the report! I've reviewed the info and passed it along to the other maintainers, we'll follow up once we've fixed that issue.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi, any update? :)
Hey there! These are still being worked on, thank you for following up!
I have to say, I'm a little more than concerned that these vulnerabilities haven't been fixed yet. Is there any plan to have this in a release soon?
These are actively being worked on. All four reported vulnerabilities require authenticated access, and there are no known vulnerabilities exploitable by unauthenticated users. While we intend to resolve the reported issues, please see our security documentation which addresses best practices which cover the reported issues.
I just tested the 3 fixes and can confirm that 3 of the 4 reported vulnerabilities are fixed :)
A few minutes ago I emailed you the details of one high-risk broken access control vulnerability, and I will now write you the details of three more (but low to lower-medium risk) broken access control vulnerabilities.