Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-26843

Fix security not restricted enough when logging anew with a restricted user

    Details

    • Release Notes Summary:
      The BasicAuth challenge is not displayed when a request comes with the Cookie header.
    • Tags:
    • Backlog priority:
      800
    • Browser:
    • Sprint:
      nxsupport 11.1.7

      Description

      In WebUI, if session times out, you are prompted to log again using basic authentication pop-up.
      When logging as another user than the previous one, the display enables the new user to see many features enabled to the previous user, e.g. Administrator.

      Requesting to display only features enabled to the new user after relogging.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 40 minutes
                  2h 40m

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.