There is a vulnerability that allows an unauthenticated user the ability to create questions, delete questions, delete threads, and delete users.
This could be accomplished by hitting each REST endpoint.
This commit adds in authorization for these endpoints. A user must be
logged in as an administrator to be able to perform these actions.
Unauthenticated create question
For this to work, a proper category ID and author ID must be specified.
Unauthenticated delete question
Must provide ID of question to be deleted
Unauthenticated delete thread
Must provide ID of thread to be deleted
Unauthenticated delete user
Must provide ID of user to be deleted