Opened 3 years ago
Closed 3 years ago
#1486574 closed Bugs (fixed)
Security issue: Illegally previewed other users email content in preview area
| Reported by: | bongdotcom | Owned by: | |
|---|---|---|---|
| Priority: | 1 - Highest | Milestone: | 0.4-beta |
| Component: | Security | Version: | 0.2.1 |
| Severity: | critical | Keywords: | |
| Cc: |
Description
Some users report, after login to roundcube 0.2.1. They can preview other users' email but after opened it. It will become normal. I am looking for any patches to fix this issue. As currently 0.3.1 was not able to fully link with LDAP
Case: When user A, send email to User B
User B open, but in preview area, B can see C's message which is not belonging to B.
Change History (1)
comment:1 Changed 3 years ago by alec
- Milestone changed from later to 0.4-beta
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
It has been fixed in svn-trunk version.