iF.SVNAdmin
iF.SVNAdmin copied to clipboard
Permission-check for repository listing
It seems there is no permission-check for the repository listing. Any user which has login-permission is allowed to list all repositories on the server including its files. Users should only be allowed to see repos where they have r/rw permissions or where they have the role of access-path manager.
As a workaround I disabled the repo listing in the backend settings.
hi dondieselkopf would u please tell me how to archive the issue, thx!
@keky This issue needs to be fixed in some upcoming releases, which I don't have any influence upon. My security-workaround is to disable the listing of repos altoghether.