Bug 1103055 - User email addresses can be retrieved through the REST interface without authentication
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Zanata
Classification: Retired
Component: Security
Version: development
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Patrick Huang
QA Contact: Zanata-QA Mailling List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-05-30 07:18 UTC by David Mason
Modified: 2015-07-31 01:13 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-31 01:13:30 UTC
Embargoed:



Comment 1 David Mason 2014-08-27 01:39:32 UTC
All REST calls now require authentication, so this issue is less severe. There is still an issue with translator email addresses being shared with other users. We should ensure that sharing of email addresses in this way is consistent with our terms of service.

Comment 2 Damian Jansen 2014-08-28 01:50:30 UTC
Still a problem. User emails should _never_ be divulged to other users without permission.
This also enabled scraping for malicious intent.

Comment 3 Zanata Migrator 2015-07-31 01:13:30 UTC
Migrated; check JIRA for bug status: http://zanata.atlassian.net/browse/ZNTA-363

