My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1586: ssh command 'review' can leak information that a change exists to users without access to the change
2 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by JBjo...@gmail.com, Sep 27, 2012
Affected Version: 2.5

What is the expected output? What do you see instead?
Change exist, but foobar user does not have access to read the change:
# ssh -i ~/test_rsa -p 29418 foobar@localhost gerrit review -s 1,1
# no such change 1one or more approvals failed; review output above

Change does not exist at all:
#ssh -i ~/test_rsa -p 29418 foobar@localhost gerrit review -s 17,1
fatal: "17,1" no such patch set

This might also affect other ssh commands, and also the command under review test-submit-rule

Sign in to add a comment

Powered by Google Project Hosting