Ticket #13702 (new Bug)

Opened 3 years ago

Last modified 3 years ago

If someone know the file download hyperlink,loggin in user can download it without authority.

Reported by: 172141102@… Owned by:
Priority: minor Milestone: 4.x
Component: Unknown Version: 4.0
Keywords: filedownloadhyperlink Cc:

Description

If someone know the file download hyperlink,loggin in user can download it without authority.

I set the file status to private. But someone if know the file download hyperlink, can download the file directly. How to fix the issue?

Change History

comment:1 Changed 3 years ago by Mikpn

I think this bug should be reported ASAP to the plone security team to : security(at)plone.org ,

as suggested here:  http://plone.org/documentation/faq/i-think-ive-found-a-bug-in-plone.-where-should-i-report-it

Last edited 3 years ago by Mikpn (previous) (diff)
Note: See TracTickets for help on using tickets.