Loading...

XML

Word

Printable

Type: Epic
Resolution: Done-Errata
Priority: Major
Fix Version/s: 2.14.0 GA
Affects Version/s: SaaS, 2.9.1 GA
Component/s: System
Labels:
- 2.14-to-test
- roadmap
- security
- support

Blocked:
False
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Release Note Text:
Undefined
Target Release:

2.14.0 GA
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The password update form on the developer portal doesn't require entering the previous password thus representing a vulnerability threat.

A pending session enable a malicious user to change the credentials of an account without any oblstacle.

account is impacted by

THREESCALE-11873 Request to mention in upgrade guide that user detail form in Developer Portal needs to be modified manually

New

links to

RHEA-2023:117411 3scale-operator 0.11.7 for RHOAM

RHEA-2023:119803 Release of 3scale operator 0.11.8 for RHOAM - Containers

mentioned on

Merge request - Updated US source to: 8bc4ef1 Remove ul tag from the footer on error page (#3470)

Merge request - Updated US source to: 8bc4ef1 Remove ul tag from the footer on error page (#3470)

Merge request - Updated US source to: 30a647c Merge pull request #3611 from 3scale/small-fixes-in-messages-tables

Merge request - Updated US source to: 74ce8b1 Merge pull request #3615 from 3scale/fix-serialization-for-zync-worker-args

Merge request - Updated US source to: 74f9822 THREESCALE-10272: Skip CSRF protection for events webhook (#3603)

Merge request - Updated US source to: 42871e7 Merge pull request #3472 from 3scale/using_password_method

Merge request - Updated US source to: d4a4feb Require current password when updating personal details at the developer portal (#3201)

Merge request - Updated US source to: ff3fdd8 Merge pull request #3456 from 3scale/THREESCALE-7405-rails-6

(6 mentioned on)

Assignee:: Unassigned

Reporter:: Carlo Palmieri (Inactive)

Tester:: Dominik Hlavac Duran

Designer:: June Zhang

Votes:: 1 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2021/01/29 10:56 AM

Updated:: 2025/06/18 4:19 AM

Resolved:: 2023/11/29 2:39 PM

Target end:: 2024/04/16