Project

General

Profile

Actions
Copy link

SoftPos #5

open

Unauthenticated API

Added by Redmine Admin 4 months ago. Updated 4 months ago.

Status:
New
Priority:
Medium
Assignee:
LIQUID/hosam gemei
Category:
Re Test
Start date:
12/18/2024
Due date:
% Done:

100%

Estimated time:

Description

Description
The application has several API endpoints that responds to HTTP requests without any
authentication. This issue can lead to data leakage of user and merchant information.
• /merchants//outlets
• /transactions/financial/
• /transactions/financial/search
• /merchants//users

Files

Screenshot 2024-12-18 161616.png (101 KB) Screenshot 2024-12-18 161616.png Redmine Admin, 12/18/2024 02:16 PM
Actions
Copy link
 #1

Updated by Redmine Admin 4 months ago

  • Category set to Re Test
Actions
Copy link
 #2

Updated by Redmine Admin 4 months ago

  • Priority changed from High to Medium
Actions
Copy link
 #3

Updated by Redmine Admin 4 months ago

  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF