Uploaded image for project: 'Xray for Jira'
  1. Xray for Jira
  2. XRAY-6821

IDOR Leads to unauthorized move of a step on Test issue [Manual Steps]

    XporterXMLWordPrintable

Details

    • XRAY 2020 Sprint 10, XRAY 2020 Sprint 11, XRAY 2020 Sprint 12

    • OK

    Description

      1. Create Jira user with no_permissions.
      2. Create a Xray project and configure this project permission settings for administrator only
      3. Create a TEST Manual with 3 steps
      4. using the user with no permission, call 
        curl -H "Content-Type: application/json" -X POST -u sin:sin -d '{"index":1}' "http://localhost:8120/rest/raven/1.0/customFields/move?testKey=TOM-1&id=121551"

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. XRAY-6820 IDOR Leads to unauthorized user to delete attachment on Test issue [Manual Steps]

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bims Beatriz Silva [X] (Inactive)
              dpca Diamantino Campos
              Pedro Rodrigues
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 1 day, 4 hours, 7 minutes
                  1w 1d 4h 7m