[FS#3804] rpcd file Plugin ACLs can be bypassed when used via uhttpd JSON/RPC
openwrt-bugs at lists.openwrt.org
Wed May 12 03:49:04 PDT 2021
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#3804 - rpcd file Plugin ACLs can be bypassed when used via uhttpd JSON/RPC
User who did this - Jo-Philipp Wich (jow-)
> To accomplish this task the rpcd file plugin needs a session id and as the primary session id was not passed down by uhttpd together with the call it is now not there any more.
This sounds like a bug. It is not supposed to work this way.
More information can be found at the following URL:
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the openwrt-bugs