ipsilon.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Patrick Uiterwijk <puiterwijk@redhat.com>	2015-08-18 16:26:50 +0200
committer	Patrick Uiterwijk <puiterwijk@redhat.com>	2015-08-21 15:45:00 +0200
commit	826e6339441546f596320f3d73304ab5f7c10de6 (patch)
tree	17d31678b56bac4dcce8b3a2e6c60d3e0ad5bbb4 /tests/blobs/openid_app.py
parent	5f591228346bd96561b693cae43b8f14e4c3b26d (diff)
download	ipsilon-826e6339441546f596320f3d73304ab5f7c10de6.tar.gz ipsilon-826e6339441546f596320f3d73304ab5f7c10de6.tar.xz ipsilon-826e6339441546f596320f3d73304ab5f7c10de6.zip

Fix permission check on SP update

The permission check for owner was checking the wrong field, which would make it possible for anyone to update the Service Provider owner, making it possible for anyone to change the SP owner, allowing anyone to change the SP name. Fixes: CVE-2015-5217 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>

Diffstat (limited to 'tests/blobs/openid_app.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: