Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-4928

It is possible for non-auto-editor users to submit 'approve' votes

    XMLWordPrintable

    Details

      Description

      A malicious user can construct a POST request that enters an 'approve' vote for an edit, even if they don't have rights to do this. There is a bit of discussion on http://codereview.musicbrainz.org/r/1961/ about what needs to be considered.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chirlu Ulrich Klauer
                Reporter:
                acid2 Oliver Charles
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  2015-02-23