| Issue 3464: | ls-user-refs after upgrading to 2.11.1 displaying restricted contents for Administrators | |
| 1 person starred this issue and may be notified of changes. | Back to list |
***************************************************************** ***** ***** ***** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!! ***** ***** ***** ***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, CYANOGENMOD, ***** ***** INTERNAL ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.***** ***** ***** ***** THOSE ISSUES BELONG IN DIFFERENT ISSUE TRACKERS ***** ***** ***** ***************************************************************** Affected Version: 2.11.1 What steps will reproduce the problem? 1. ssh -p 29418 <Admin user@our gerrit server> gerrit ls-user-refs -p <our git> -u <Admin user> | tee log-before_upgrade_2.10.4 2.ssh -p 29418 <Admin user@our gerrit server> gerrit ls-user-refs -p <our git> -u <Admin user> | tee log-after_upgrade_2.11.1 3. diff log-after_upgrade_2.11.1 log-before_upgrade_2.10.4 What is the expected output? What do you see instead? No difference was expected but found some additional references listed after upgrade which was then confirmed as references from branch which the admin user doesnt have access. It was given exclusive access to a group where the admin member is not part of. The listed changes were not accessible from GUI as expected and it was only getting listed with ssh ls-user-refs command Please provide any additional information below. We have verified these steps for normal users (developers) and offsite (more restricted than normal developers) and found no issues. Only Admin has this additional data getting displayed which they are not supposed to see. Yes only from ssh command line its displayed but not from GUI.
Jul 3, 2015
Project Member
#1
edwin.ke...@gmail.com
Status:
AwaitingInformation
Jul 3, 2015
Its the refs/changes .... sample as below refs/changes/08/1001008/1
Jul 3, 2015
(No comment was entered for this change.)
Status:
New
|
|
| ► Sign in to add a comment |