6b5eb95593
This revision introduces additional checks for methods of the sessions controller. Before it, only the environment ID of the user session was checked for equality with the environment ID in the request. But a user from another tenant who knew the environment ID and session ID was able to call methods for that environment. The additional check introduced in this commit closes that breach.

Change-Id: I34c7431751bb88236b6ffb81b08ccc7c3617e77b
Closes-Bug: #1382026

middleware
v1
__init__.py
versions.py