search

marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0
215 stars 45 forks source link

Non editable passwords can be shared as editable #400

Closed marius-wieschollek closed 3 years ago

marius-wieschollek commented 3 years ago

System Information

Server:

 Run "php ./occ passwords:system:report debug" in your Nextcloud install directory and put the output here
 or fill out the fields below

 Nextcloud Version: 21.0.3
 PHP Version: 8.0.7
 Database and Version: MariaDB 10
 Server OS and Version: Ubuntu 20.4
 Passwords Version: 2021.7.2

Client:

 Browser and Version: Firefox 89
 Client OS and Version: Ubuntu 20.4

Steps to reproduce

if a person without edit permissions shares password to someone, it can be shared with edit permissions, after that said person can edit password without a problem, but the change is visible only to the person who shared password, original owner sees non edited password.

  1. Person A shares password with Person B as not editable.
  2. Person B shares password with Person C as editable.
  3. Person C edits the password.

Expected result

If a password is not editable, it should not be possible to share it as editable

Actual result

What does happen?

Nextcloud log

Nextcloud log ``` no log ```

Browser log

Browser log ``` no log ```
marius-wieschollek commented 3 years ago

Fixed with 2021.7.2