Protect Organization related GET requests #3649

New Issue

Closed

opened 2026-03-07 19:01:22 -06:00 by GiteaMirror · 1 comment

GiteaMirror commented 2026-03-07 19:01:22 -06:00

Owner

Copy Link

Originally created by @mprasil on GitHub (May 29, 2018).

It seems that we don't really check user's access rights when doing /organization/* API calls. While this is mostly harmless in theory, we should probably protect all of these under some common check.

It think implementing some form of request guard would probably be the best way to handle that.

Originally created by @mprasil on GitHub (May 29, 2018). It seems that we don't really check user's access rights when doing `/organization/*` API calls. While this is mostly harmless in theory, we should probably protect all of these under some common check. It think implementing some form of request guard would probably be the best way to handle that.

GiteaMirror closed this issue 2026-03-07 19:01:22 -06:00

GiteaMirror commented 2026-03-07 19:01:23 -06:00

Author

Owner

Copy Link

@mprasil commented on GitHub (May 30, 2018):

Submitted an PR #34 to fix this.

@mprasil commented on GitHub (May 30, 2018): Submitted an PR #34 to fix this.

GiteaMirror referenced this issue 2026-03-07 21:08:41 -06:00

[PR #3649] [MERGED] Update crates and small clippy fix #6961

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#3649