Feature #4186
Tvheadend log expose data to non-admin users
Start date:
2017-01-16
Due date:
% Done:
100%
Estimated time:
Description
Steps for issue re-creation when logged in as admin:
1. Create non-admin user
2. Allow "Web interface" feature for non-admin user
3. Log in to web interface as non-admin user and go to Tvheadend log
4. Observe that all activity and data (IP, Usernames, Mux names..) of admin or any other user is exposed to non-admin user in Tvheadend log!
Tvheadend log should not show and should not be allowed/enabled/visible for non-admin users.
History
Updated by Anonymous over 7 years ago
You can close this ticket now. I can see this has been already fixed, because all is OK in HTS Tvheadend 4.1-2477~g019c946~xenial and no sensitive information are exposed to non-admin users. Good work!
Updated by Jaroslav Kysela over 7 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset commit:tvheadend|54e63e3f9af8fdc0d23f61f3cda7fa7b246c1732.