[Tickets #13427] Re: Critical error when trying to edit IMP portal block when not authorized for IMP
noreply at bugs.horde.org
noreply at bugs.horde.org
Fri Aug 8 09:33:10 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13427
------------------------------------------------------------------------------
Ticket | 13427
Updated By | daniel at poradnik-webmastera.com
Summary | Critical error when trying to edit IMP portal block
| when not authorized for IMP
Queue | IMP
Version | 6.2.1
Type | Bug
State | Duplicate
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
daniel at poradnik-webmastera.com (2014-08-08 09:33) wrote:
The problem is that in addition to message "User is not authorized for
imp." I also see callstack and exception object dumped on page. This
reveals some private informations like installation path. This is a
security issue, such things should not be sent to client unless
explicitly configured to do so.
More information about the bugs
mailing list