Fixed Any admin can get list of installed Add-ons via file health check

K

Kirby

Well-known member
Affected version
2.2.10
Performing and viewing file health check results via Tools controller is not restricted by any admin permission.
This effectively allows any admin to get a list of installed Add-ons by running a file health check.

As this might be sensitive information, accessing this feature should be restricted to admins with permission Upgrade XenForo or Manage Add-ons.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.11).

Change log:
Check for "Manage add-ons" permission when viewing or triggering a file health check
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 

Similar threads

Paul B
  • Locked
  • Sticky
  • Question Question
XenForo Cloud FAQ
Replies
0
Views
5K
Paul B
Paul B
Sonnie
XF 2 Looking for trustworthy tech to upgrade forum and add-ons.
Replies
9
Views
3K
Alpha1
Alpha1
Zardoz43
  • Question Question
XF 2.2 How can one add a 'tag' (hashtag?) to a forum/node thread/post?
Replies
1
Views
1K
Paul B
Paul B
B
XF 2 HIRING - Finish an addon I started
Replies
0
Views
868
briansol
B
L
Add-on Bumper
Replies
17
Views
2K
Lawrence
L
Top Bottom