Badge creation possible without appropriate permission
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• jxc
	Sep 24 2015, 10:22 PM

Description

Steps to reproduce:

Go to badges
CMD + left click on Create Badge

Fill out the form
Submit

Revisions and Commits

rP Phabricator
	D14159	rP381fa611fd8d Check that the viewer can actually create badges before letting them create…

Event Timeline

• jxc created this task.Sep 24 2015, 10:22 PM

• jxc updated the task description. (Show Details)

• jxc added a subscriber: • jxc.

https://secure.phabricator.com/badges/view/9/

boldmovecotton

epriestley added a revision: D14159: Check that the viewer can actually create badges before letting them create badges.Sep 24 2015, 10:31 PM

epriestley claimed this task.Sep 24 2015, 10:33 PM

epriestley triaged this task as Normal priority.

epriestley added a project: Badges.

epriestley closed this task as Resolved by committing rP381fa611fd8d: Check that the viewer can actually create badges before letting them create….Sep 24 2015, 10:34 PM

epriestley added a commit: rP381fa611fd8d: Check that the viewer can actually create badges before letting them create….

Thanks for the report! This should be resolved in HEAD and deployed to this server.

I think you earned the badge.

(We maintain a vulnerability program with HackerOne, but this specific issue is pretty fluff and in a prototype application so I don't think it meets the minimum bar for a vulnerability award ("significantly compromise ... typical installation"). Feel free to file through HackerOne if you hit anything security-esque and more substantive in the future, though.)

Awesome, will do!

Badge creation possible without appropriate permissionClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

Badge creation possible without appropriate permission
Closed, ResolvedPublic
Actions