Project

General

Profile

Actions
Copy link

Bug #6233

closed

Security issue - consultation seens by others

Added by Olivier Bitsch 6 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
Urgent
Assignee:
Gor Grigoryan
Category:
-
Target version:
5.0.0
Start date:
11/21/2023
Due date:
% Done:

0%

Estimated time:

Description

We have security issue :

  • Admin can see websocket notification of consultation not sent by him and consultation not in his queue.
  • Admin can see on page refresh consultation not in his queue.
  • Doctor and Admin can see all opened consultations while he should see only him.

Doctor and Admin should have same behaviour.

Actions
Copy link
 #1

Updated by Olivier Bitsch 6 months ago

  • Status changed from In Study to Rejected

Admin can see everything !

Actions
Copy link

Also available in: Atom PDF