Bug 54075 - UCS@school APIs can be used with unsigned authentication tokens
Summary: UCS@school APIs can be used with unsigned authentication tokens
Status: CLOSED DUPLICATE of bug 53534
Alias: None
Product: Components
Classification: Unclassified
Component: ucsschool-apis
Version: unspecified
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: Ole Schwiegert
QA Contact: UCS@school maintainers
URL:
Keywords:
Depends on: 53454
Blocks:
  Show dependency treegraph
 
Reported: 2021-11-16 15:42 CET by Ole Schwiegert
Modified: 2021-11-16 15:50 CET (History)
4 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ole Schwiegert univentionstaff 2021-11-16 15:42:55 CET 
+++ This bug was initially created as a clone of Bug #53454 +++

The UCS@school API can be used with unsigned authentication tokens. This has to be fixed.

Not as critical as with Kelvin, since the App is not used YET
Comment 1 Ole Schwiegert univentionstaff 2021-11-16 15:50:30 CET 

*** This bug has been marked as a duplicate of bug 53534 ***