Skip to content
This repository has been archived by the owner on Apr 16, 2024. It is now read-only.

🐛 BUG: CourseController getCourse leak 🔥 #653

Closed
torss opened this issue Apr 19, 2018 · 1 comment · Fixed by #664
Closed

🐛 BUG: CourseController getCourse leak 🔥 #653

torss opened this issue Apr 19, 2018 · 1 comment · Fixed by #664
Assignees
@torss
Labels
api All Backend related Issues bug This Issue describes a unwanted behavior 🔒 security This directly pertains to geli's security!

Comments

@torss
Copy link
Collaborator

torss commented Apr 19, 2018

The /api/courses/:id getCourse API still leaks important information - such as every enrolled student's email address - to anyone who can view the course.
This issue is closely related to (and was missed in) #594.
It was discovered while working on #82.
@torss torss added bug This Issue describes a unwanted behavior api All Backend related Issues labels Apr 19, 2018
@torss torss self-assigned this Apr 19, 2018
@torss torss mentioned this issue Apr 19, 2018
Closed
@torss
Copy link
Collaborator Author

torss commented Apr 19, 2018

Currently this issue is intended to be solved implicitly via the resolution of #654.

@torss torss mentioned this issue Apr 22, 2018
Merged
torss added a commit that referenced this issue Apr 26, 2018
@torss
CHANGELOG.md: Add "Security" line for issues #594, #653
86dab41
@torss torss mentioned this issue May 18, 2018
Open
@torss torss added the 🔒 security This directly pertains to geli's security! label Oct 11, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@torss torss

Labels
api All Backend related Issues bug This Issue describes a unwanted behavior 🔒 security This directly pertains to geli's security!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bugfix/#654 wasteful course data fix geli-lms/geli
1 participant
@torss