Fix permission check on SP update
author Patrick Uiterwijk <puiterwijk@redhat.com>
Tue, 18 Aug 2015 14:26:50 +0000 (16:26 +0200)
committer Patrick Uiterwijk <puiterwijk@redhat.com>
Fri, 21 Aug 2015 13:45:00 +0000 (15:45 +0200)
commit 826e6339441546f596320f3d73304ab5f7c10de6
tree 17d31678b56bac4dcce8b3a2e6c60d3e0ad5bbb4
parent 5f591228346bd96561b693cae43b8f14e4c3b26d
Fix permission check on SP update

The permission check for owner was checking the wrong field,
which would make it possible for anyone to update the Service
Provider owner, making it possible for anyone to change the
SP owner, allowing anyone to change the SP name.

Fixes: CVE-2015-5217

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
ipsilon/providers/saml2/admin.py