vbresults Well-known member Aug 19, 2024 #1 Affected version 2.3.2 Attachments to XFRM resources bypass the "Can View Resource Images" permission and show a preview of attachments that users shouldn't have the ability to view in any form.
Attachments to XFRM resources bypass the "Can View Resource Images" permission and show a preview of attachments that users shouldn't have the ability to view in any form.
K Kirby Well-known member Aug 19, 2024 #2 Worling ad designed, all atrachment preview images csn be viewed without any permission checks if the URL is known
Worling ad designed, all atrachment preview images csn be viewed without any permission checks if the URL is known
