CVE-2022-24896: request #26729 Tracker report renderer and chart widgets leak informa… · Enalean/tuleap@8e99e7c
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
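The bug class the advisory describes, as an added example written for this page rather than code taken from Tuleap: a widget stores only a renderer id, the renderer leads to a report and then to a tracker, and resolving that chain without asking whether the current user may view the tracker leaks the tracker name and the report's field names to anyone who can place the widget. The classes User, Tracker, Report, Renderer and RendererFactory and the two render functions are hypothetical stand-ins for the Tuleap ones, the sample data is constructed, and the code assumes PHP 8.1 or later.

```php
<?php
// Added example (not Tuleap code): minimal model of a missing object-level
// authorization check when a widget resolves a renderer id it did not create.
// All class and function names are hypothetical stand-ins for the Tuleap ones.

final class User
{
    /** @param string[] $groups user groups the viewer belongs to */
    public function __construct(public readonly string $name, public readonly array $groups) {}
}

final class Tracker
{
    /** @param string[] $allowedGroups groups permitted to view this tracker */
    public function __construct(
        public readonly int $id,
        public readonly string $name,
        private readonly array $allowedGroups,
        public readonly bool $active = true,
    ) {}

    // The permission check the fix relies on: the viewer must share a group with the ACL.
    public function userCanView(User $user): bool
    {
        return $this->active && array_intersect($user->groups, $this->allowedGroups) !== [];
    }
}

final class Report
{
    /** @param string[] $fieldNames names of the fields this report displays */
    public function __construct(public readonly Tracker $tracker, public readonly array $fieldNames) {}
}

final class Renderer
{
    public function __construct(public readonly int $id, public readonly Report $report) {}
}

// Stand-in for a global lookup by id: the id alone says nothing about who may read it.
final class RendererFactory
{
    /** @param array<int, Renderer> $byId */
    public function __construct(private readonly array $byId) {}

    public function getReportRendererById(int $id): ?Renderer
    {
        return $this->byId[$id] ?? null;
    }
}

function describe(Renderer $renderer): string
{
    $report = $renderer->report;
    return sprintf('Tracker "%s", fields: %s', $report->tracker->name, implode(', ', $report->fieldNames));
}

// Vulnerable shape: existence of the renderer is the only check, so a guessable
// renderer id on the attacker's own dashboard reveals names from a private tracker.
function renderWidgetVulnerable(RendererFactory $factory, int $rendererId, User $user): ?string
{
    $renderer = $factory->getReportRendererById($rendererId);
    if ($renderer) {
        return describe($renderer);
    }
    return null;
}

// Hardened shape, mirroring the fix: walk to the tracker and check the viewer's
// permission on it before exposing anything derived from the report.
function renderWidgetFixed(RendererFactory $factory, int $rendererId, User $user): ?string
{
    $renderer = $factory->getReportRendererById($rendererId);
    if ($renderer && $renderer->report->tracker->userCanView($user)) {
        return describe($renderer);
    }
    return null; // render nothing; do not distinguish "not found" from "not permitted"
}

// Constructed sample data: a private tracker whose renderer id (42) is easy to guess.
$hrTracker = new Tracker(7, 'HR - Salary reviews', ['hr_managers']);
$factory   = new RendererFactory([
    42 => new Renderer(42, new Report($hrTracker, ['Employee', 'Proposed raise', 'Decision'])),
]);
$outsider = new User('mallory', ['project_members']);

var_dump(renderWidgetVulnerable($factory, 42, $outsider)); // string: tracker name and field names leak
var_dump(renderWidgetFixed($factory, 42, $outsider));      // NULL
```

Returning null on both "not found" and "not permitted" is deliberate: a distinct error for the denied case would let a caller enumerate which renderer ids exist even after the content itself is protected.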
request #26729 Tracker report renderer and chart widgets leak information user cannot access
Tracker report renderer and chart widgets leak information user cannot access
Change-Id: Ibdd7d1b8e72dd44bbb2b747b7d8f264603f98024
1 parent c975b38 commit 8e99e7c82d9fe569799019b9e1d614d38a184313
Showing 2 changed files with 3 additions and 7 deletions.
- GraphOnTrackersV5_ChartFactory.class.php
- Tracker_Widget_Renderer.class.php
@@ -252,7 +252,7 @@ public function getChart($renderer, $id, $store_in_session = true)
$report = null; //We don’t know the report
$renderer = Tracker_Report_RendererFactory::instance()->getReportRendererById($chart_data[‘report_graphic_id’], $report, $store_in_session);
}
if ($renderer) {
if ($renderer && $renderer->getReport()->getTracker()->userCanView()) {
$c = $this->instanciateChart($chart_data, $renderer, $store_in_session);
}
}
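Review bot: the new guard `if ($renderer && $renderer->getReport()->getTracker()->userCanView())` chains two dereferences with no null check, even though the renderer was just loaded with `$report = null; //We don't know the report`; if getReport() can return null for a renderer whose report no longer exists, this line throws instead of rendering nothing. Consider resolving the report and tracker into locals, returning early when either is missing, and only then calling userCanView(). Also, when the permission check fails `$c` is simply never assigned, so the caller cannot tell a denied chart from a missing one; a short comment saying that silent omission is intended would help the next reader.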
@@ -58,12 +58,8 @@ private function getRenderer(): ?Tracker_Report_Renderer
$store_in_session = false;
$arrf = Tracker_Report_RendererFactory::instance();
$renderer = $arrf->getReportRendererById($this->renderer_id, null, $store_in_session);
if ($renderer) {
$tracker = $renderer->report->getTracker();
$project = $tracker->getProject();
if ($tracker->isActive() && $project->isActive()) {
return $renderer;
}
if ($renderer && $renderer->report->getTracker()->userCanView()) {
return $renderer;
}
return null;
}
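Review bot: the replacement condition drops the `$tracker->isActive() && $project->isActive()` check rather than adding userCanView() to it; unless userCanView() is documented to fail for inactive trackers and projects, a renderer belonging to a deleted tracker or suspended project is now returned to any user who holds view rights on it. Suggest keeping both conditions, e.g. `if ($renderer && $tracker->isActive() && $project->isActive() && $tracker->userCanView())` with `$tracker` and `$project` resolved as before. Minor: this hunk reaches the tracker through the public property `$renderer->report` while the chart-factory hunk uses `$renderer->getReport()`; use the getter in both places.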