Media uploaded and attached to an incident post is public, but should be visible only to responders

betterangels / better-angels

The Better Angels are a group of anarchists committed to feminist, anti-racist, anti-capitalist struggle who use direct action software development as a technique of liberatory resistance.

https://betterangels.github.io/

55 stars 12 forks source link

Media uploaded and attached to an incident post is public, but should be visible only to responders #86

Closed fabacab closed 8 years ago

fabacab commented 8 years ago

This is an Insecure Direct Object Reference vulnerability as described by OWASP.

fabacab commented 8 years ago

This issue has been migrated to betterangels/buoy#35.