Feeling Lucky
J4 Issue
?
[#15785] - [4.0] [Security] Modules list url is available to unauthenticated users
- Closed
- 10 Feb 2019
- Medium
- Build: staging
- # 15785
Steps to reproduce the issue
Set "Statistics" module to Access = Super Admins only
Ensure you are logged out of the frontend
using a valid token fake url:
Expected result
I should not be able to see a list of modules - I can
or
I should only be able to see a list of modules that my current user privilege allows - I can see modules with "Super User" only
Actual result
{
success: true,
message: null,
messages: null,
data: [
",1,1. Archived Articles",
",2,2. Latest News",
",3,3. Articles Most Read",
",4,4. Feed Display",
",5,5. News Flash",
",6,6. Random Image",
",7,7. Articles Related Items",
",8,8. Statistics",
",9,9. Users Latest",
",10,10. Who's Online",
",11,11. Wrapper",
",12,12. Footer",
",13,13. Menu Example",
",14,14. Custom",
",15,15. Breadcrumbs",
",16,16. Banners",
",17,17. Articles Categories",
",18,18. Articles Category",
",19,19. Popular Tags",
",20,20. Similar Tags"
]
}
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Category | ⇒ | Authentication |
| Title |
|
||||||
| Status | New | ⇒ | Information Required | ||||
| Status | Information Required | ⇒ | Discussion |
brianteeman
- | Labels |
Added:
J4 Issue
|
||
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-02-10 21:33:43 |
| Closed_By | ⇒ | PhilETaylor |
@mbabker should this be added to Projects?
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15785.