- Status Closed
- Assigned To No-one
- Private
Opened by monty099 - 20.09.2024
Last edited by nferrari - 23.09.2024
## FS#77 - Security Report: On click Mark all notifications as read in [admin.alwaysdata.com]
### Description
When a specific link is sent to another user and clicked, it causes all their notifications to be marked as read.
### Steps to Reproduce
1. Log into your account on [admin.alwaysdata.com].
2. Send the link to the user. [https://admin.alwaysdata.com/message/toggle/]
3. The recipient clicks on the link.
All notifications for the user who clicks the link are marked as read.
## POC: https://admin.alwaysdata.com/support/77431/379620-bandicam%202024-09-20%2018-30-42-910.mp4
## Impact
Users may lose track of important notifications. In addition, it raises concerns about the security and integrity of user account management, as an attacker could exploit this vulnerability to manipulate notification statuses.
23.09.2024 10:14
Reason for closing: Invalid
Additional comments about closing:
Hi,
Thank you for your report.
The technical statement is right. However, there is no security issue.
Report is closed.
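
An added example, not part of the report and not alwaysdata's code: a minimal model of the behaviour described above (a state change reachable by following a link) beside a variant that only accepts a POST carrying a per-session token. The handler names, the in-memory session store, the `csrf_token` field and the status codes are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory state: session id -> CSRF token and unread notification ids.
SESSIONS = {}

def new_session(unread):
    """Create a session with a random token and a set of unread notifications."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32), "unread": set(unread)}
    return sid

def toggle_on_get(method, sid, form=None):
    """Hypothetical handler modelling the report: any request with the
    session cookie marks everything as read, whatever the HTTP method."""
    SESSIONS[sid]["unread"].clear()
    return 302

def toggle_hardened(method, sid, form=None):
    """Hypothetical variant: state changes only on POST with the session's token."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    if method != "POST":
        return 405  # following a link issues a GET, which no longer changes state
    supplied = (form or {}).get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403  # POST that does not carry this session's token
    session["unread"].clear()
    return 302

def demo():
    """Return {scenario: (status, unread notifications left)}."""
    out = {}
    sid = new_session([1, 2, 3])
    out["link_click_original"] = (toggle_on_get("GET", sid), len(SESSIONS[sid]["unread"]))
    sid = new_session([1, 2, 3])
    out["link_click_hardened"] = (toggle_hardened("GET", sid), len(SESSIONS[sid]["unread"]))
    bad = {"csrf_token": "not-the-token"}
    out["post_wrong_token"] = (toggle_hardened("POST", sid, bad), len(SESSIONS[sid]["unread"]))
    good = {"csrf_token": SESSIONS[sid]["csrf"]}
    out["post_own_form"] = (toggle_hardened("POST", sid, good), len(SESSIONS[sid]["unread"]))
    return out

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```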