-
Bug
-
Resolution: Fixed
-
Normal
-
None
-
None
A malicious user can construct a POST request that enters an 'approve' vote for an edit, even if they don't have rights to do this. There is a bit of discussion on http://codereview.musicbrainz.org/r/1961/ about what needs to be considered.
- is related to
-
MBS-3998 Editor may vote / may add edit note checks should also be done at the Data level.
-
- Closed
-