Icons of unreleased tasks are currently accessible to anyone, even without proper permissions. If a user visits the URL https://rest.ksi.fi.muni.cz/taskContent/TASKID/icon/base.svg (where TASKID corresponds to an unreleased task), they can load and view the icon of that task, despite it not being released.
This behavior potentially exposes information about unreleased tasks to unauthorized users.
Steps to Reproduce
Identify the TASKID of a task that has not yet been released.
Access the following URL in a browser or through an HTTP client: https://rest.ksi.fi.muni.cz/taskContent/TASKID/icon/base.svg
Observe that the icon for the unreleased task is successfully loaded and visible.
Expected Behavior
Icons for unreleased tasks should not be accessible to users without appropriate permissions.
Requests to access icons of unreleased tasks should return an error (e.g., HTTP 403 Forbidden) or redirect to a placeholder image.
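A sketch of the check that the Expected Behavior section asks for, next to the reported behaviour. This is an added example, not code from the project: the `Task` model, the role names, the placeholder path and the function names are all assumptions, and only the icon path layout comes from the URL in the report.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

PRIVILEGED_ROLES = {"org", "admin"}      # assumed role names
PLACEHOLDER = "static/placeholder.svg"   # assumed placeholder path


@dataclass
class Task:
    id: int
    release_at: Optional[datetime]  # None means no release is scheduled


def icon_path(task_id: int) -> str:
    # Path layout taken from the URL in the report.
    return f"taskContent/{task_id}/icon/base.svg"


def serve_icon_unchecked(tasks, task_id, role, now):
    """Reported behaviour: the icon is returned without looking at release state."""
    if task_id not in tasks:
        return 404, None
    return 200, icon_path(task_id)


def serve_icon_checked(tasks, task_id, role, now, placeholder=False):
    """Deny by default; anonymous callers pass role=None."""
    task = tasks.get(task_id)
    released = (task is not None and task.release_at is not None
                and task.release_at <= now)
    if task is not None and (released or role in PRIVILEGED_ROLES):
        return 200, icon_path(task_id)
    # Unknown and unreleased IDs get the same answer, so the response
    # does not confirm that an unreleased task exists.
    return (200, PLACEHOLDER) if placeholder else (403, None)


# Constructed sample data.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
TASKS = {
    1: Task(1, datetime(2024, 1, 1, tzinfo=timezone.utc)),  # released
    2: Task(2, datetime(2024, 2, 1, tzinfo=timezone.utc)),  # scheduled, not yet released
    3: Task(3, None),                                        # draft
}

if __name__ == "__main__":
    for tid in (1, 2, 3, 99):
        print(tid, serve_icon_unchecked(TASKS, tid, None, NOW),
              serve_icon_checked(TASKS, tid, None, NOW))
```

The same release check has to cover every file served under a task's content path, not only `base.svg`, otherwise sibling assets remain readable.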