Feature #4186

Tvheadend log expose data to non-admin users

Added by Anonymous 6 months ago. Updated 2 months ago.

Status:FixedStart date:2017-01-16
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:User Interface
Target version:4.2

Description

Steps for issue re-creation when logged in as admin:

1. Create non-admin user
2. Allow "Web interface" feature for non-admin user
3. Log in to web interface as non-admin user and go to Tvheadend log
4. Observe that all activity and data (IP, Usernames, Mux names..) of admin or any other user is exposed to non-admin user in Tvheadend log!

Tvheadend log should not show and should not be allowed/enabled/visible for non-admin users.

Associated revisions

Revision 54e63e3f
Added by Jaroslav Kysela 2 months ago

comet: allow to watch the logs only with the administrator priviledges, fixes #4186

Revision 7129754a
Added by Jaroslav Kysela 2 months ago

comet: allow to watch the logs only with the administrator priviledges, fixes #4186

History

#1 Updated by Anonymous 4 months ago

You can close this ticket now. I can see this has been already fixed, because all is OK in HTS Tvheadend 4.1-2477~g019c946~xenial and no sensitive information are exposed to non-admin users. Good work!

#2 Updated by Jaroslav Kysela 2 months ago

  • Target version set to 4.2

#3 Updated by Jaroslav Kysela 2 months ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Also available in: Atom PDF