Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7101

EjbcaWS.getProfile leaks information about CA's and EEPs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
      None
    • Stakeholder:
      R&D
    • Sprint:
      EJBCA Sprint 15

      Description

      EjbcaWS.getProfile leaks information about CA's and EEPs. We normally don't display info about EEPs and CAs (referred to in the CPs) that the requesting admin isn't authorized to, but this is an information leak. 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mikek Mike Agrenius Kushner
                Reporter:
                mikek Mike Agrenius Kushner
                Verified by:
                Samuel Lidén Borell
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 hour
                  1h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h