Details

    • Benefit:
      Medium
    • Security:
      Yes
    • SLA:
      Not Applicable
    • Rank:
      0|i00sfz:
    • Damage Potential:
      9

      Description

      Walrus does not check authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus and SetBucketVersioningStatus operations.

      Walrus authenticates the user but does not verify that the user is permitted to perform the operation on the bucket.

      I've only verified the SetBucketVersioningStatus issue; the others are from code review, so they may be incorrect (see WalrusManager).
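
      The gap described above, as an added example (not Walrus code and not from the reporter): a handler that stops at authentication beside one that also authorizes the caller against the bucket and denies by default. The `Bucket`, `Caller` and `POLICY` names and the owner-only rule are assumptions made for the illustration.

```java
import java.util.EnumMap;
import java.util.Map;
import java.util.function.BiPredicate;

public class BucketAuthzDemo {
    // The three operations named in the report.
    enum Op { GET_BUCKET_LOGGING_STATUS, SET_BUCKET_LOGGING_STATUS, SET_BUCKET_VERSIONING_STATUS }

    // Hypothetical minimal model; these are not Walrus types.
    record Bucket(String name, String ownerId) {}
    record Caller(String userId, boolean authenticated) {}

    // Assumption for this example: bucket-level configuration is owner-only.
    static final BiPredicate<Caller, Bucket> OWNER_ONLY =
        (c, b) -> b.ownerId().equals(c.userId());

    // One authorization rule per operation; an operation without a rule is denied.
    static final Map<Op, BiPredicate<Caller, Bucket>> POLICY = new EnumMap<>(Op.class);
    static {
        POLICY.put(Op.GET_BUCKET_LOGGING_STATUS, OWNER_ONLY);
        POLICY.put(Op.SET_BUCKET_LOGGING_STATUS, OWNER_ONLY);
        POLICY.put(Op.SET_BUCKET_VERSIONING_STATUS, OWNER_ONLY);
    }

    // Flawed shape described in the report: identity is checked, permission is not.
    static boolean allowAuthenticatedOnly(Caller c, Bucket b, Op op) {
        return c != null && c.authenticated();
    }

    // Hardened shape: authenticate, then authorize against the bucket; default deny.
    static boolean allowAuthorized(Caller c, Bucket b, Op op) {
        if (c == null || !c.authenticated() || b == null) return false;
        BiPredicate<Caller, Bucket> rule = POLICY.get(op);
        return rule != null && rule.test(c, b); // no rule registered -> denied
    }

    public static void main(String[] args) {
        Bucket bucket = new Bucket("example-bucket", "alice"); // constructed sample data
        Caller owner = new Caller("alice", true);
        Caller other = new Caller("bob", true);                // authenticated non-owner
        for (Op op : Op.values()) {
            System.out.printf("%-30s non-owner: flawed=%b hardened=%b | owner: hardened=%b%n",
                op, allowAuthenticatedOnly(other, bucket, op),
                allowAuthorized(other, bucket, op), allowAuthorized(owner, bucket, op));
        }
    }
}
```

      Requires Java 16 or later for the `record` declarations.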
