Affiliates can see members of communities they are not in
Bug #594131 reported by
Jim B. Glenn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
High
|
Chris Rossi |
Bug Description
I just found a security-related bug. I just logged in as my Affiliate
account (https:/
member of 2 communities, with just a few other users. However, when I
click on the People tab, 195 users show up. If I click on user, who is
not a member of one of the two communities, then I get a forbidden
message, but affiliates should only see people in their communities in
the first place. I have tested with several other Affiliate accounts
with the same result. Please look into why Affiliate users are seeing
non-members of their communities.
Thanks,
Nat
Changed in karl3: | |
status: | New → In Progress |
To post a comment you must log in.
Nat reported in RT at: https:/ /rt01.sixfeetup .com/Ticket/ Display. html?id= 80101