Posted to dev@linkis.apache.org by GitBox <gi...@apache.org> on 2022/04/01 13:56:16 UTC

[GitHub] [incubator-linkis] peacewong opened a new issue #1868: [Bug] [1.1.2]UDF restful interface security vulnerability problem

peacewong opened a new issue #1868:
URL: https://github.com/apache/incubator-linkis/issues/1868


   ### Search before asking
   
   - [X] I searched the [issues](https://github.com/apache/incubator-linkis/issues) and found no similar issues.
   
   
   ### Linkis Component
   
   linkis-public-enhancements
   
   ### What happened + What you expected to happen
   
   1. The /api/rest_j/v1/udf/list interface can query other people's function lists without authority. By modifying the value of the parameter treeId, you can query the function list in other people's directories without authority.
   2. Create a new folder in another user's directory without authority; the interface is: /udf/tree/add
   3. Rename someone else's folder without authority: /udf/tree/update
   4. Delete other people's folders without authority: /udf/tree/delete
   
   ### Relevant platform
   
   all
   
   ### Reproduction script
   
   no
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [ ] Yes I am willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@linkis.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
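
Added example, not part of the original issue and not Linkis code: the four endpoints reported above all act on a client-supplied tree id without checking who owns it, so one way to close the gap is a single server-side ownership check that list, add, update and delete all pass through. The class, method and user names are hypothetical, and the store is an in-memory stand-in for the real persistence layer.

```java
import java.util.*;

// Hypothetical in-memory stand-in for a UDF tree service (Java 17+); not Linkis code.
public class UdfTreeAuthz {
    record Node(long id, long parentId, String owner, String name) {}

    private final Map<Long, Node> nodes = new HashMap<>();
    private long nextId = 1;

    // Single choke point: the node must exist and belong to the authenticated caller.
    private Node requireOwned(String caller, long treeId) {
        Node n = nodes.get(treeId);
        // Same error for "missing" and "not yours", so ids cannot be probed.
        if (n == null || !n.owner().equals(caller))
            throw new SecurityException("tree " + treeId + " not accessible");
        return n;
    }
    // Root folder is created server-side for the session user, never from a client id.
    long createRoot(String caller) {
        long id = nextId++;
        nodes.put(id, new Node(id, -1, caller, "/"));
        return id;
    }
    // `caller` always comes from the session; only treeId comes from the request.
    List<String> list(String caller, long treeId) {
        requireOwned(caller, treeId);
        return nodes.values().stream().filter(n -> n.parentId() == treeId)
                .map(Node::name).sorted().toList();
    }
    long add(String caller, long parentId, String name) {
        requireOwned(caller, parentId);   // no new folders under someone else's directory
        long id = nextId++;
        nodes.put(id, new Node(id, parentId, caller, name));
        return id;
    }
    void update(String caller, long treeId, String newName) {
        Node n = requireOwned(caller, treeId);
        nodes.put(treeId, new Node(n.id(), n.parentId(), n.owner(), newName));
    }
    void delete(String caller, long treeId) { nodes.remove(requireOwned(caller, treeId).id()); }

    public static void main(String[] args) {
        UdfTreeAuthz svc = new UdfTreeAuthz();
        long aliceRoot = svc.createRoot("alice");   // constructed sample users
        svc.add("alice", aliceRoot, "etl_udfs");
        System.out.println(svc.list("alice", aliceRoot));
        try { svc.list("bob", aliceRoot); }          // bob sends alice's treeId
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```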





[GitHub] [incubator-linkis] legendtkl commented on issue #1868: [Bug] [1.1.2]UDF restful interface security vulnerability problem

Posted by GitBox <gi...@apache.org>.
legendtkl commented on issue #1868:
URL: https://github.com/apache/incubator-linkis/issues/1868#issuecomment-1086489423


   I will fix this

