projects / cascardo / ipsilon.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ef45f3d) | patch
Fix permission check on SP update
authorPatrick Uiterwijk <puiterwijk@redhat.com>
Tue, 18 Aug 2015 14:26:50 +0000 (16:26 +0200)
committerPatrick Uiterwijk <puiterwijk@redhat.com>
Tue, 8 Sep 2015 13:11:51 +0000 (15:11 +0200)
commit8128e378187e7c836786dac26b8b628401c6953a
treebbcf66bab24c96186265fa85cf39e1d95bc68e11tree | snapshot
parentef45f3deb7b6c8ca4b95f6e027b2bd16a675b598commit | diff
Fix permission check on SP update

The permission check for owner was checking the wrong field,
which would make it possible for anyone to update the Service
Provider owner, making it possible for anyone to change the
SP owner, allowing anyone to change the SP name.

Fixes: CVE-2015-5217

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
ipsilon/providers/saml2/admin.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.