Page MenuHomeMiraheze
Create Task
Maniphest T8172

DataDump Does Not Log Actions Taken From API
Closed, ResolvedPublic
Actions

Description

DataDump does not log actions taken from the API leaving you no way of knowing who did what. This should be considered an Insufficient Logging vulnerability.

Event Timeline

Redmin created this task.Oct 14 2021, 17:16
Herald added subscribers: Agent_Isai, Universal_Omega, RhinosF1 and 2 others. · View Herald TranscriptOct 14 2021, 17:16
Redmin added a project: DataDump.Oct 14 2021, 17:17
Herald added projects: Universal Omega, MediaWiki (SRE). · View Herald TranscriptOct 14 2021, 17:17
Redmin moved this task from Backlog to Bugs on the DataDump board.Oct 14 2021, 17:17
Redmin updated the task description. (Show Details)
RhinosF1 added a comment.Oct 15 2021, 07:07

https://github.com/miraheze/DataDump/security/advisories/GHSA-9vf9-ff5x-vcpc

Universal_Omega added a comment.Oct 18 2021, 23:40
In T8172#164713, @RhinosF1 wrote:

https://github.com/miraheze/DataDump/security/advisories/GHSA-9vf9-ff5x-vcpc

https://github.com/miraheze/DataDump/security/advisories/GHSA-g7rp-6h29-428f is the correct one.

Universal_Omega claimed this task.Oct 20 2021, 02:51
Universal_Omega moved this task from Backlog to Short Term on the MediaWiki (SRE) board.
Universal_Omega moved this task from Unsorted to Short Term on the Universal Omega board.
Universal_Omega closed this task as Resolved.Oct 20 2021, 02:54
Universal_Omega changed the visibility from "Custom Policy" to "Public (No Login Required)".
Universal_Omega changed the edit policy from "Custom Policy" to "All Users".