[Bug 11612] New: 404 error page for Intranet may leak information
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612 Bug ID: 11612 Summary: 404 error page for Intranet may leak information Change sponsored?: --- Product: Koha Version: 3.14 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Staff Client Assignee: koha-bugs@lists.koha-community.org Reporter: isaacbrodsky@live.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com Navigating to an non-existent page on the intranet site, (e.g. https://demo-admin.calyx.net.au/test) allows an unauthenticated user to see the top nav bar. If an administrator uses IntranetNav configuration option to add links to the NavBar, those links will be displayed to unauthenticated users. I do not believe any part of the staff client should be visible to unauthenticated users. Administrators might assume no part of it is visible since the login screen completely hides the regular staff interface. Tested on Debian with Koha 3.14. Isaac -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org