libretic
/
etherpad-lite
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
etherpad-lite/tests/backend/specs
History
Richard Hansen b80a37173e security: Fix authorization bypass vulnerability 
Before, a malicious user could bypass authorization restrictions
imposed by the authorize hook:

 * Step 1: Fetch any resource that the malicious user is authorized to
   access (e.g., static content).
 * Step 2: Use the signed express_sid cookie generated in step 1 to
   create a socket.io connection.
 * Step 3: Perform the CLIENT_READY handshake for the desired pad.
 * Step 4: Profit!

Now the authorization decision made by the authorize hook is
propagated to SecurityManager so that it can approve or reject
socket.io messages as appropriate.

This also sets up future support for per-user read-only and
modify-only (no create) authorization levels.
 		2020-09-15 21:40:25 +01:00
..
api bugfix/import: doc import bugfix (#4235) 2020-08-30 14:11:12 +01:00
contentcollector.js tests/editor/ul/li/ol/import/export: Introduce contentcollector.js tests & various OL/UL/LI related bugfixes 2020-06-05 20:54:16 +01:00
socketio.js security: Fix authorization bypass vulnerability 2020-09-15 21:40:25 +01:00