Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-4928

It is possible for non-auto-editor users to submit 'approve' votes

    XMLWordPrintable

    Details

      Description

      A malicious user can construct a POST request that enters an 'approve' vote for an edit, even if they don't have rights to do this. There is a bit of discussion on http://codereview.musicbrainz.org/r/1961/ about what needs to be considered.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              chirlu Ulrich Klauer
              Reporter:
              acid2 Oliver Charles
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  2015-02-23