[buddypress-trac] [BuddyPress] #2329: Security problem: Join private/hidden groups by manipulating the URL with nonce
buddypress-trac at lists.automattic.com
Thu Apr 22 03:33:10 UTC 2010
#2329: Security problem: Join private/hidden groups by manipulating the URL with
nonce
----------------------+-----------------------------------------------------
Reporter: gottowik | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.2.4
Component: Core | Keywords: has-patch needs-testing
----------------------+-----------------------------------------------------
Changes (by wpmuguru):
* keywords: => has-patch needs-testing
Comment:
That patch is against the 1.2 branch. It adds the group ID to the nonce
key which will prevent it being used with a different group.
--
Ticket URL: <http://trac.buddypress.org/ticket/2329#comment:2>
BuddyPress <http://buddypress.org/>
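
The fix described in the comment above, shown as an added PHP sketch; it is not the patch attached to the ticket and not BuddyPress code. It uses a simplified HMAC model of an action-scoped nonce rather than WordPress's real implementation, and every function name, action string, secret and id in it is hypothetical.

```php
<?php
// Simplified model of an action-scoped nonce (an assumption for this example,
// not WordPress's implementation): HMAC over user id and action string.
const DEMO_SECRET = 'constructed-demo-secret'; // constructed value

function demo_create_nonce(int $user_id, string $action): string {
    return substr(hash_hmac('sha256', $user_id . '|' . $action, DEMO_SECRET), 0, 10);
}

function demo_verify_nonce(string $nonce, int $user_id, string $action): bool {
    // Constant-time comparison of the expected and supplied token.
    return hash_equals(demo_create_nonce($user_id, $action), $nonce);
}

// Before: the nonce key is the same for every group, so the token carries
// no information about which group it was issued for.
function join_check_unscoped(int $user_id, int $group_id, string $nonce): bool {
    return demo_verify_nonce($nonce, $user_id, 'demo_join_group');
}

// After: the group id is part of the nonce key, so a token issued for one
// group does not verify when the group id in the request is changed.
function join_check_scoped(int $user_id, int $group_id, string $nonce): bool {
    return demo_verify_nonce($nonce, $user_id, 'demo_join_group_' . $group_id);
}

// Constructed ids: one user, the group the token was issued for, another group.
$user = 7;
$issued_for = 3;
$other_group = 12;

$loose = demo_create_nonce($user, 'demo_join_group');
$bound = demo_create_nonce($user, 'demo_join_group_' . $issued_for);

// Unscoped check, token presented with a different group id.
var_dump(join_check_unscoped($user, $other_group, $loose));
// Scoped check, token presented with the group it was issued for.
var_dump(join_check_scoped($user, $issued_for, $bound));
// Scoped check, same token presented with a different group id.
var_dump(join_check_scoped($user, $other_group, $bound));
```

Scoping the nonce only stops a token from being reused across groups; the join handler should still check on the server that the user is allowed to join the requested group.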