Closed Bug 281181 Opened 20 years ago Closed 18 years ago

[SECURITY] It's way too easy to delete versions/components/milestones etc...

Product/Component: Bugzilla :: Administration (task)
Version: 2.19
Priority: Not set
Severity: major
Status: RESOLVED FIXED
Target Milestone: Bugzilla 2.22
Reporter: bugzilla; Assignee: LpSolit
Whiteboard: [ready for 2.22.1][ready for 2.23.3]
Attachments: 4 files, 9 obsolete files (two image/png screenshots and two patches; both patches carry mkanat: review+)
This may have been covered before a long time ago, and not been considered an issue, but if I could get an admin to click on the following URL (which is intentionally broken to avoid any accidents, but you get the point), this could really mess things up, couldn't it?

http://bugzilla.mozilla.gorg/editversions.cgi?action=delete&product=Bugzilla&version=2.19

I'm thinking there should be some sort of token passing going on from the intermediate 'are you sure you want to delete' page???
sounds like a dupe of bug 26257
although not exactly, and that seems specifically geared towards bugs... there's a bunch of places we really should be doing this sort of thing though. Another weapon in this arsenal is to not accept GET requests for actions which modify things (require POST)
(In reply to comment #1)
> sounds like a dupe of bug 26257

I agree! The topic is the same, even if the summary in bug 26257 mentions bugs only. justdave, my opinion is that we should morph the summary of bug 26257 and fix this problem globally. The idea about using tokens has already been suggested in the other bug and I used this idea in the patch I submitted there.
While using POST would get around the problem of allowing a simple link to do the dirty deed, it would not really solve the problem as a whole. JavaScript could still be used to perform this action and, because of the nature of scripting, could do it even more effectively (if somebody wanted to be really fancy, they could retrieve product information to determine what they want to delete instead of just knowing what exists).
Certainly too late for 2.20, but we should take care of this in the near future. Better safe than sorry.

(13:33:16) LpSolit: these tinyURLs are a bit dangerous... I could set one to delete all bugs and users and ask an admin to click the link.... there is no protection :(
(13:34:08) mkanat: LpSolit: Hrm. Maybe we should have tokens from the deletion-confirmation pages.
(13:34:13) Wurblzap: True... Not good
(13:35:29) LpSolit: mkanat: I think so too...
Target Milestone: --- → Bugzilla 2.22
Assignee: administration → LpSolit
Depends on: 297646
Status: NEW → ASSIGNED
Target Milestone: Bugzilla 2.22 → Bugzilla 2.18
Blocks: 346524
Blocks: 346525
No longer blocks: 346524
Flags: blocking2.22.1?
Flags: blocking2.20.3?
Flags: blocking2.18.6?
LpSolit says that he's working on this, and I'll certainly be glad to see it fixed in our next releases. :-)
Flags: blocking2.22.1?
Flags: blocking2.22.1+
Flags: blocking2.20.3?
Flags: blocking2.20.3+
Flags: blocking2.18.6?
Flags: blocking2.18.6+
Attached patch: patch for tip, v1 (obsolete, deleted)
Do we really want such a monster on branches (73 Kb)? :-/
Attachment #231960 - Flags: review?(mkanat)
Attached patch: patch for tip, v1.1 (obsolete, deleted)
Unbitrotten patch (my previous patch was bitrotten because a guy renamed WriteParams to write_params. Indication: this guy is the module owner of checksetup.pl)
Attachment #231960 - Attachment is obsolete: true
Attachment #232008 - Flags: review?(mkanat)
Attachment #231960 - Flags: review?(mkanat)
I'm not particularly convinced this bug needs to be backported to the branches. While this bug has 'security' related implications, it is not a security bug as such; the old behavior was somewhat vulnerable to social engineering attempts, and this patch makes that impossible. I'd be inclined to land this on the trunk as a 'security improvement' and not to do the backports. Of course, this does mean that someone could happen to learn about this bug after it lands on the trunk and use it to attempt an attack on a branch-running installation, but it's not as though this is a new problem or different from the way in which most web applications work.
Comment on attachment 232008 [details] [diff] [review]
patch for tip, v1.1

>Index: Bugzilla/Token.pm
>
>+# Given a token, makes sure it comes from the currently logged in user
>+# and match the expected event. Returns 1 on success, else displays a warning.
>+sub check_token_data {
>+ my ($token, $expected_action) = @_;
>+ my $user = Bugzilla->user;
>+ my $template = Bugzilla->template;
>+ my $cgi = Bugzilla->cgi;
>+
>+ my ($creator_id, $date, $token_action) = GetTokenData($token);
>+ unless ($creator_id
>+ && $creator_id == $user->id
>+ && $token_action eq $expected_action)
>+ {
>+ # Something is going wrong. Ask confirmation before processing.
>+ # It is possible that someone tried to trick an administrator.
>+ # In this case, we want to know his name!

It's also possible there's no token, right? In which case we'd still want to display the confirmation page, not an error page.

> $vars->{'script_name'} = basename($0);

That won't work in the minimum supported version of mod_perl, because $0 is broken until mod_perl 2.0.2.

>+$vars->{'token'} = issue_session_token('createbug:');

Let's just name the tokens after the page. So, in this case, it would be called enter_bug.

> if ($action eq 'add') {
>+ $vars->{'token'} = issue_session_token('add_classification');
> LoadTemplate($action);
> }

Instead of having a different token for every single action that an edit* page can do, let's just have one token name. For this, for example, it would be edit_classifications. It doesn't actually give us any significant additional security to have a different token for every action, since the tokens themselves are unique and unguessable.

>Index: template/en/default/admin/confirm-action.html.tmpl
> [snip]
>
>+[% IF abuser %]
>+ <div class="throw_error">
>+ <p>The following token has been used while processing the script
>+ '[% script_name FILTER html %]':</p>
> [snip]

I think you'll need to explain this more. Most users will have no idea that a page issues a token, so this error message will have to be more descriptive. Something like, "You are trying to perform this action without having come from the correct previous page."

And yeah, this is huge. I think we should ask justdave for authority to not backport it.
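Review bot: In the check_token_data hunk quoted in this review, GetTokenData returns `$date` but the `unless` condition only tests `$creator_id` and `$token_action`, so a token's age never affects whether it is accepted; either compare `$date` against the current time here or drop the unused variable, and say in the sub's comment how expiry is handled. The same branch also lumps "no token passed" together with "token issued to another user or for another page", while the template's `[% IF abuser %]` branch suggests the two are meant to render differently; testing `$token` for definedness before calling GetTokenData would keep the cases apart.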
Attachment #232008 - Flags: review?(mkanat) → review-
if we plan to land this now instead of waiting for 3.0, we should go ahead and backport this to 2.22. Backporting to anything older would be masochistic. Zach's second paragraph in comment 9 worries me though, we probably still shouldn't yank the security flag till it's available for download.
Retargeting to 2.22 per justdave's comment. Removing the blocking flags for older releases.
Flags: blocking2.20.3+
Flags: blocking2.18.6+
Target Milestone: Bugzilla 2.18 → Bugzilla 2.22
Attached image: Warning when a token is passed but is invalid (obsolete, deleted)
Here is the warning you get when the token passed to the script is invalid, i.e. the token exists in the DB, but is not expected to be used here.
Attached image: Warning when a token is missing (deleted)
Now the warning you get when the passed token doesn't exist in the DB or when no token has been passed at all. Now, I let the user submit changes if he really wants to (compared to the previous case where having an invalid token is clearly the result of some external attack).
Per discussion with justdave on IRC, I removed the creation date of the token, which was useless, and now only mismatches between data contained in the token and the expected ones are shown (meaning that you could have only one of the two fields in bold displayed if the other one is fine).
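The two screenshots above describe three outcomes for a token presented to an action script: it is valid, it exists but was issued to another user or for another page (treated as an attack and named after its creator), or it is missing or unknown (the user is asked to confirm). The following is an added Python example, not Bugzilla's Perl code, that makes that decision logic concrete: an in-memory dict stands in for the tokens table, the names issue_session_token, check_token_data and delete_token echo the patch but are re-implemented here, and the require-POST rule proposed earlier in the thread is applied as a second, independent layer. The action name edit_versions and the user ids are constructed sample values.

```python
import secrets

# Constructed in-memory store standing in for Bugzilla's tokens table:
# token string -> (creator user id, action the token was issued for).
_TOKENS = {}


def issue_session_token(user_id, action):
    """Called by the confirmation page: mint an unguessable token bound to
    the logged-in user and to the action the page is about to submit."""
    token = secrets.token_urlsafe(32)
    _TOKENS[token] = (user_id, action)
    return token


def check_token_data(token, user_id, expected_action):
    """Called by the action script. Returns (state, creator_id):
      'ok'      - token exists, belongs to this user and to this action
      'abuse'   - token exists but was issued to another user or for another
                  page; creator_id says who minted it, so the warning can name them
      'missing' - no token passed, or one the store does not know
    """
    if not token or token not in _TOKENS:
        return "missing", None
    creator_id, action = _TOKENS[token]
    if creator_id != user_id or action != expected_action:
        return "abuse", creator_id
    return "ok", creator_id


def delete_token(token):
    """Tokens are single-use: drop the record once the action has run."""
    _TOKENS.pop(token, None)


def handle_action(method, params, user_id, action):
    """Dispatch for a state-changing script such as editversions.cgi.
    Returns a string naming what the script would do or render."""
    if method != "POST":
        # Defence in depth: a plain link (GET) can never perform the action,
        # regardless of what token it carries.
        return "reject_method"
    state, creator_id = check_token_data(params.get("token"), user_id, action)
    if state == "ok":
        delete_token(params["token"])
        return "performed"
    if state == "abuse":
        # A genuine token minted for someone or something else: show the
        # warning that names its creator and do not perform the action.
        return f"warn_abuse:creator={creator_id}"
    # No usable token: render the confirmation page with a fresh token and
    # let the user decide whether to proceed.
    return f"confirm:token={issue_session_token(user_id, action)}"
```

The single-use deletion is what stops a token captured from one confirmation page from being replayed later; the GET rejection costs nothing and also closes the plain-link case from comment 0 even if a script somewhere forgets to check the token.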
Attachment #232133 - Attachment is obsolete: true
Attached patch: patch for tip, v2 (obsolete, deleted)
Per discussion with mkanat on IRC, I only fix his comment about a better wording in the warning message. All other comments were discussed and we agreed that they didn't need to be addressed. This patch also fixes 2 mistakes in editusers.cgi and editflagtypes.cgi.
Attachment #232008 - Attachment is obsolete: true
Attachment #232149 - Flags: review?(mkanat)
Comment on attachment 232149 [details] [diff] [review] patch for tip, v2 This looks great. LpSolit says he tested every single token--I trust his testing completely.
Attachment #232149 - Flags: review?(mkanat) → review+
Attached patch: unbitrotten patch for tip, v2.1 (obsolete, deleted)
unbitrot (in editusers.cgi and editkeywords.cgi)
Attachment #232149 - Attachment is obsolete: true
Attachment #236548 - Flags: review+
Attached patch: patch for 2.22, v1 (obsolete, deleted)
Backport for 2.22. I tested my patch; no problem found.
Attachment #236560 - Flags: review?(mkanat)
Comment on attachment 236560 [details] [diff] [review] patch for 2.22, v1 Yep, this looks basically like the tip patch, so r=mkanat by inspection and by trusting your testing.
Attachment #236560 - Flags: review?(mkanat) → review+
Flags: approval?
Flags: approval2.22?
Whiteboard: [ready for 2.99.3][ready for 2.22.1]
Flags: approval?
Flags: approval2.22?
Flags: approval2.22+
Flags: approval+
Whiteboard: [ready for 2.99.3][ready for 2.22.1] → [ready for 2.22.1][ready for 2.23.3]
Attached patch: unbitrotten patch for tip, v2.2 (obsolete, deleted)
There were many conflicts, especially in editkeywords.cgi. Now that we have editfields.cgi, we will also have to protect this file. I will attach a separate patch for this file, so that you don't have to review the whole patch again.
Attachment #236548 - Attachment is obsolete: true
Attachment #239855 - Flags: review+
*** Bug 354274 has been marked as a duplicate of this bug. ***
In the scenario where a forged page is opened in a hidden iframe, is it possible to use JavaScript to click the confirmation button on Bugzilla's warning page?
(In reply to comment #23)
> In the scenario where a forged page is opened in a hidden iframe, is it
> possible to use JavaScript to click the confirmation button on Bugzilla's
> warning page?

No, I don't think you can. That's because your web browser will reject JS actions on pages which are on a different server. If your browser is crazy enough to let you do it (I know that Fx prevents this, and I'm almost sure IE and Opera prevent it too), then that's a bug in your browser, not in Bugzilla.
Why are tokens recorded in the database? Wouldn't it be better to use some stateless token, such as the one I described in Bug 354274?
Damien is right. The clever scheme he outlines in bug 354274 doesn't require use of the database. This means we don't have any storage or expiry issues. Frederic: would you care to evaluate his plan and see if we can use it? Gerv
(In reply to comment #26)
> Frederic: would you care to evaluate his plan and see if we can use it?

All the code in CGIs would stay there. The only difference is that we wouldn't use Token.pm anymore. So the benefit is low from this point of view. We are too close to 2.23.3 to change these patches now anyway. This could be fixed in a separate bug, assuming that's something we want to do.
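For readers weighing the stateless alternative raised in the three comments above, here is an added Python example of the generic construction (an HMAC under a server-side secret); it is not Bugzilla's code and it does not reproduce the specific scheme from bug 354274, which this page does not show. The token carries the user id, the action name and the issue time in the clear plus a MAC over them; verification recomputes the MAC, so nothing is stored in the database and expiry comes from the embedded timestamp. SERVER_SECRET, the three-hour lifetime and the sample user ids and action names are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed placeholder: a real deployment loads a random secret from
# configuration and never commits it to the code base.
SERVER_SECRET = b"example-secret-not-for-production"
TOKEN_LIFETIME = 3 * 3600   # assumed: a token is good for three hours


def _mac(body: str) -> str:
    return hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: int, action: str, now=None) -> str:
    """Mint 'user:action:timestamp.<hmac>' without touching any store."""
    ts = int(now if now is not None else time.time())
    body = f"{user_id}:{action}:{ts}"
    return f"{body}.{_mac(body)}"


def check_token(token, user_id: int, action: str, now=None):
    """Return (state, creator_id) using the same vocabulary as the DB-backed
    check: 'ok', 'abuse' (genuine token for another user or page), 'expired',
    or 'missing' (absent, malformed, or MAC does not verify, i.e. forged)."""
    if not token or "." not in token:
        return "missing", None
    body, mac = token.rsplit(".", 1)
    # Verify the MAC before trusting any field in the body (constant-time).
    if not hmac.compare_digest(_mac(body), mac):
        return "missing", None
    creator, rest = body.split(":", 1)
    tok_action, ts = rest.rsplit(":", 1)   # tolerates ':' inside the action name
    creator, ts = int(creator), int(ts)
    current = now if now is not None else time.time()
    if current - ts > TOKEN_LIFETIME:
        return "expired", creator
    if creator != user_id or tok_action != action:
        return "abuse", creator
    return "ok", creator
```

Because the creator and action are recoverable from a token whose MAC verifies, a mismatch can still be reported with the creator's name, as the DB-backed warning page does. The trade-off this thread does not spell out is that without server-side state the token cannot be consumed after one use: it stays valid until it expires, and rotating SERVER_SECRET invalidates every outstanding token at once. The patch's stored tokens, by contrast, are deleted as soon as the action runs.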
Attached patch: updated patch for tip, v2.3 (obsolete, deleted)
The checkin of bug 87795 happened after the patch of this bug was initially reviewed, and so this patch didn't catch an instance of DeleteToken() which was introduced by bug 87795. This updated patch renames this instance of DeleteToken() to delete_token(). This catch has been made by our Selenium scripts. Carrying forward Max's r+.
Attachment #239855 - Attachment is obsolete: true
Attachment #240660 - Flags: review+
Attached patch: unbitrotten patch for 2.22, v1.1 (obsolete, deleted)
The previous patch was slightly bitrotten due to the checkin of bug 323912 on the 2.22 branch, which was required to have this patch working correctly when deleting a group. This problem has been found by our Selenium scripts.
Attachment #236560 - Attachment is obsolete: true
Attachment #240662 - Flags: review+
(In reply to comment #28)
> Created an attachment (id=240660) [edit]
> updated patch for tip, v2.3
> This catch has been made by our Selenium scripts.

Oops, that's incorrect. This one has been found by ghendricks. :) The one for 2.22 has really been found by our Selenium scripts though.
Attached patch: patch for 2.22, v1.2 (deleted)
While running Selenium scripts on 2.22, we found that you couldn't add or edit a flagtype if you were adding or removing it from a product/component. This patch fixes this problem. No other changes.
Attachment #240662 - Attachment is obsolete: true
Attachment #240858 - Flags: review?(mkanat)
Comment on attachment 240858 [details] [diff] [review] patch for 2.22, v1.2 The interdiff looks fine to me. I also trust the QA tests.
Attachment #240858 - Flags: review?(mkanat) → review+
Attached patch: patch for tip, v2.4 (deleted)
This patch fixes editflagtypes.cgi when adding/removing flagtypes from the inclusion/exclusion lists (same as the patch for 2.22), and also implements this token protection for editfields.cgi, which has been checked in meanwhile. I also removed the 2 die() in this CGI as some people don't like the path to their installation to be displayed.
Attachment #240660 - Attachment is obsolete: true
Attachment #240860 - Flags: review?(mkanat)
Comment on attachment 240860 [details] [diff] [review] patch for tip, v2.4 r=mkanat by inspection and trusting QA tests.
Attachment #240860 - Flags: review?(mkanat) → review+
tip:
Checking in attachment.cgi; new revision: 1.124; previous revision: 1.123
Checking in editclassifications.cgi; new revision: 1.26; previous revision: 1.25
Checking in editcomponents.cgi; new revision: 1.78; previous revision: 1.77
Checking in editfields.cgi; new revision: 1.5; previous revision: 1.4
Checking in editflagtypes.cgi; new revision: 1.48; previous revision: 1.47
Checking in editgroups.cgi; new revision: 1.81; previous revision: 1.80
Checking in editkeywords.cgi; new revision: 1.43; previous revision: 1.42
Checking in editmilestones.cgi; new revision: 1.55; previous revision: 1.54
Checking in editparams.cgi; new revision: 1.41; previous revision: 1.40
Checking in editproducts.cgi; new revision: 1.130; previous revision: 1.129
Checking in editsettings.cgi; new revision: 1.9; previous revision: 1.8
Checking in editusers.cgi; new revision: 1.138; previous revision: 1.137
Checking in editvalues.cgi; new revision: 1.19; previous revision: 1.18
Checking in editversions.cgi; new revision: 1.52; previous revision: 1.51
Checking in editwhines.cgi; new revision: 1.20; previous revision: 1.19
Checking in enter_bug.cgi; new revision: 1.150; previous revision: 1.149
Checking in relogin.cgi; new revision: 1.39; previous revision: 1.38
Checking in token.cgi; new revision: 1.47; previous revision: 1.46
Checking in Bugzilla/Token.pm; new revision: 1.49; previous revision: 1.48
Checking in skins/standard/global.css; new revision: 1.24; previous revision: 1.23
Checking in template/en/default/filterexceptions.pl; new revision: 1.82; previous revision: 1.81
RCS file: /cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/confirm-action.html.tmpl,v
Checking in template/en/default/admin/confirm-action.html.tmpl; initial revision: 1.1
Checking in template/en/default/admin/classifications/add.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/classifications/del.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/classifications/edit.html.tmpl; new revision: 1.10; previous revision: 1.9
Checking in template/en/default/admin/classifications/reclassify.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/components/confirm-delete.html.tmpl; new revision: 1.8; previous revision: 1.7
Checking in template/en/default/admin/components/create.html.tmpl; new revision: 1.9; previous revision: 1.8
Checking in template/en/default/admin/components/edit.html.tmpl; new revision: 1.10; previous revision: 1.9
Checking in template/en/default/admin/custom_fields/create.html.tmpl; new revision: 1.3; previous revision: 1.2
Checking in template/en/default/admin/custom_fields/edit.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/fieldvalues/confirm-delete.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/fieldvalues/create.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/fieldvalues/edit.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/flag-type/confirm-delete.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/flag-type/edit.html.tmpl; new revision: 1.22; previous revision: 1.21
Checking in template/en/default/admin/flag-type/list.html.tmpl; new revision: 1.16; previous revision: 1.15
Checking in template/en/default/admin/groups/create.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/groups/delete.html.tmpl; new revision: 1.10; previous revision: 1.9
Checking in template/en/default/admin/groups/edit.html.tmpl; new revision: 1.9; previous revision: 1.8
Checking in template/en/default/admin/keywords/confirm-delete.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/keywords/create.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/keywords/edit.html.tmpl; new revision: 1.8; previous revision: 1.7
Checking in template/en/default/admin/milestones/confirm-delete.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/milestones/create.html.tmpl; new revision: 1.5; previous revision: 1.4
Checking in template/en/default/admin/milestones/edit.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/params/editparams.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/products/confirm-delete.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/products/create.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/products/edit.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/products/groupcontrol/edit.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/settings/edit.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/users/confirm-delete.html.tmpl; new revision: 1.14; previous revision: 1.13
Checking in template/en/default/admin/users/create.html.tmpl; new revision: 1.3; previous revision: 1.2
Checking in template/en/default/admin/users/edit.html.tmpl; new revision: 1.7; previous revision: 1.6
Checking in template/en/default/admin/versions/confirm-delete.html.tmpl; new revision: 1.6; previous revision: 1.5
Checking in template/en/default/admin/versions/create.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/admin/versions/edit.html.tmpl; new revision: 1.4; previous revision: 1.3
Checking in template/en/default/whine/schedule.html.tmpl; new revision: 1.7; previous revision: 1.6

2.22:
Checking in editclassifications.cgi; new revision: 1.18.2.1; previous revision: 1.18
Checking in editcomponents.cgi; new revision: 1.68.2.1; previous revision: 1.68
Checking in editflagtypes.cgi; new revision: 1.31.2.1; previous revision: 1.31
Checking in editgroups.cgi; new revision: 1.65.2.4; previous revision: 1.65.2.3
Checking in editkeywords.cgi; new revision: 1.35.2.2; previous revision: 1.35.2.1
Checking in editmilestones.cgi; new revision: 1.49.2.1; previous revision: 1.49
Checking in editparams.cgi; new revision: 1.32.2.2; previous revision: 1.32.2.1
Checking in editproducts.cgi; new revision: 1.110.2.4; previous revision: 1.110.2.3
Checking in editsettings.cgi; new revision: 1.6.2.1; previous revision: 1.6
Checking in editusers.cgi; new revision: 1.113.2.1; previous revision: 1.113
Checking in editvalues.cgi; new revision: 1.9.2.2; previous revision: 1.9.2.1
Checking in editversions.cgi; new revision: 1.44.2.2; previous revision: 1.44.2.1
Checking in editwhines.cgi; new revision: 1.13.2.1; previous revision: 1.13
Checking in relogin.cgi; new revision: 1.32.2.3; previous revision: 1.32.2.2
Checking in Bugzilla/Token.pm; new revision: 1.39.2.1; previous revision: 1.39
Checking in skins/standard/global.css; new revision: 1.16.2.3; previous revision: 1.16.2.2
Checking in template/en/default/filterexceptions.pl; new revision: 1.61.2.4; previous revision: 1.61.2.3
Checking in template/en/default/admin/confirm-action.html.tmpl; new revision: 1.1.2.1; previous revision: 1.1
Checking in template/en/default/admin/classifications/add.html.tmpl; new revision: 1.1.10.1; previous revision: 1.1
Checking in template/en/default/admin/classifications/del.html.tmpl; new revision: 1.3.2.2; previous revision: 1.3.2.1
Checking in template/en/default/admin/classifications/edit.html.tmpl; new revision: 1.6.2.2; previous revision: 1.6.2.1
Checking in template/en/default/admin/classifications/reclassify.html.tmpl; new revision: 1.4.2.2; previous revision: 1.4.2.1
Checking in template/en/default/admin/components/confirm-delete.html.tmpl; new revision: 1.4.2.2; previous revision: 1.4.2.1
Checking in template/en/default/admin/components/create.html.tmpl; new revision: 1.4.2.1; previous revision: 1.4
Checking in template/en/default/admin/components/edit.html.tmpl; new revision: 1.5.2.1; previous revision: 1.5
Checking in template/en/default/admin/fieldvalues/confirm-delete.html.tmpl; new revision: 1.4.2.1; previous revision: 1.4
Checking in template/en/default/admin/fieldvalues/create.html.tmpl; new revision: 1.2.4.1; previous revision: 1.2
Checking in template/en/default/admin/fieldvalues/edit.html.tmpl; new revision: 1.3.2.1; previous revision: 1.3
Checking in template/en/default/admin/flag-type/confirm-delete.html.tmpl; new revision: 1.5.12.1; previous revision: 1.5
Checking in template/en/default/admin/flag-type/edit.html.tmpl; new revision: 1.14.2.3; previous revision: 1.14.2.2
Checking in template/en/default/admin/flag-type/list.html.tmpl; new revision: 1.10.6.1; previous revision: 1.10
Checking in template/en/default/admin/groups/create.html.tmpl; new revision: 1.4.10.1; previous revision: 1.4
Checking in template/en/default/admin/groups/delete.html.tmpl; new revision: 1.6.2.2; previous revision: 1.6.2.1
Checking in template/en/default/admin/groups/edit.html.tmpl; new revision: 1.5.6.3; previous revision: 1.5.6.2
Checking in template/en/default/admin/keywords/confirm-delete.html.tmpl; new revision: 1.3.12.1; previous revision: 1.3
Checking in template/en/default/admin/keywords/create.html.tmpl; new revision: 1.4.12.1; previous revision: 1.4
Checking in template/en/default/admin/keywords/edit.html.tmpl; new revision: 1.4.2.1; previous revision: 1.4
Checking in template/en/default/admin/milestones/confirm-delete.html.tmpl; new revision: 1.4.2.1; previous revision: 1.4
Checking in template/en/default/admin/milestones/create.html.tmpl; new revision: 1.2.2.1; previous revision: 1.2
Checking in template/en/default/admin/milestones/edit.html.tmpl; new revision: 1.3.2.1; previous revision: 1.3
Checking in template/en/default/admin/params/editparams.html.tmpl; new revision: 1.2.2.1; previous revision: 1.2
Checking in template/en/default/admin/products/confirm-delete.html.tmpl; new revision: 1.3.2.2; previous revision: 1.3.2.1
Checking in template/en/default/admin/products/create.html.tmpl; new revision: 1.3.2.1; previous revision: 1.3
Checking in template/en/default/admin/products/edit.html.tmpl; new revision: 1.5.2.2; previous revision: 1.5.2.1
Checking in template/en/default/admin/products/groupcontrol/edit.html.tmpl; new revision: 1.6.2.1; previous revision: 1.6
Checking in template/en/default/admin/settings/edit.html.tmpl; new revision: 1.3.4.2; previous revision: 1.3.4.1
Checking in template/en/default/admin/users/confirm-delete.html.tmpl; new revision: 1.7.2.4; previous revision: 1.7.2.3
Checking in template/en/default/admin/users/create.html.tmpl; new revision: 1.1.6.1; previous revision: 1.1
Checking in template/en/default/admin/users/edit.html.tmpl; new revision: 1.2.2.3; previous revision: 1.2.2.2
Checking in template/en/default/admin/versions/confirm-delete.html.tmpl; new revision: 1.3.4.1; previous revision: 1.3
Checking in template/en/default/admin/versions/create.html.tmpl; new revision: 1.1.8.1; previous revision: 1.1
Checking in template/en/default/admin/versions/edit.html.tmpl; new revision: 1.1.8.1; previous revision: 1.1
Checking in template/en/default/whine/schedule.html.tmpl; new revision: 1.3.2.1; previous revision: 1.3
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Summary: It's way too easy to delete versions/components/milestones etc... → [SECURITY] It's way too easy to delete versions/components/milestones etc...
Security Advisory has been sent, so this bug is no longer private.
Group: webtools-security
Blocks: 26257
Blocks: 466692
No longer blocks: 466692