  1. Xray for Jira
  2. XRAY-6820

IDOR Leads to unauthorized user to delete attachment on Test issue [Manual Steps]


Details

    • XRAY 2021 Sprint 3
    • OK

    Description

      1. Create Jira account no_permissions.
      2. Add another employee to the Jira account with user privileges.
      3. Create an Xray project and configure this project's permission settings for administrator only.
      4. Create a TEST Manual.
      5. Add one step and one attachment to the step.
      6. Using the user with no permission, call:
        curl -H "Content-Type: application/json" -X DELETE -u sin:sin http://localhost:8120/rest/raven/1.0/test/TOM-1/steps/121551/attachment/224
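
The steps above end with a DELETE request from a user who has no permission on the project. As an added example (not Xray's code and not the vendor's fix), this Python model shows the two object-level checks a handler for that route needs before deleting anything. The in-memory tables, the `admin` user, the `PUB` project and the returned status codes are assumptions made for illustration.

```python
import re

# Route shape taken from the report's curl command.
ROUTE = re.compile(
    r"^/rest/raven/1\.0/test/([A-Z][A-Z0-9_]*-\d+)/steps/(\d+)/attachment/(\d+)$")

# Constructed sample state (assumed, not Xray's data model).
PROJECT_EDITORS = {"TOM": {"admin"}, "PUB": {"admin", "sin"}}  # project -> users who may edit
STEPS = {121551: "TOM-1", 7: "PUB-1"}                          # step id -> owning Test issue
ATTACHMENTS = {224: 121551, 9: 7}                              # attachment id -> owning step


def delete_step_attachment(user, path):
    """Return an HTTP status; the attachment is deleted only if every check passes."""
    m = ROUTE.match(path)
    if m is None:
        return 400
    if user is None:
        return 401
    issue_key, step_id, att_id = m.group(1), int(m.group(2)), int(m.group(3))
    project = issue_key.rsplit("-", 1)[0]
    # Check 1: the caller must hold edit permission on the project owning the issue.
    if user not in PROJECT_EDITORS.get(project, set()):
        return 403
    # Check 2: the ids must chain attachment -> step -> issue, so permission on
    # one issue cannot be used to reach a step or attachment of another.
    if STEPS.get(step_id) != issue_key or ATTACHMENTS.get(att_id) != step_id:
        return 404
    del ATTACHMENTS[att_id]
    return 204


if __name__ == "__main__":
    target = "/rest/raven/1.0/test/TOM-1/steps/121551/attachment/224"
    print(delete_step_attachment("sin", target))    # request from the report
    print(delete_step_attachment("admin", target))  # project administrator
```

A regression test for this issue should assert both that the unprivileged request is refused and that the attachment still exists afterwards.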
         

            People

              dpca Diamantino Campos
                Time Tracking

                  Estimated: 0m
                  Remaining: 0m
                  Logged: 1d 1h 40m