CommonAPI: Prevent users from accessing media of other users

commit 1afde067b12ad0062c1820091ea9b0a680819281 upstream.
author: Mint <mint@plagu.ee> 2023-09-02 01:43:25 +0300
committer: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-09-03 11:19:13 +0200
commit: 535a5ecad04c9c49105a77e7025fe9f4b4d23ba6 (patch)
tree: a1e41c9b4ec0c11380e534eb116e5385e88ca73a /changelog.d/check-attachment-attribution.security
parent: 1f4be2b3495b6df03843f923a53aff5913e1ef0d (diff)
download: pleroma-535a5ecad04c9c49105a77e7025fe9f4b4d23ba6.tar.gz
pleroma-535a5ecad04c9c49105a77e7025fe9f4b4d23ba6.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/check-attachment-attribution.security b/changelog.d/check-attachment-attribution.security
new file mode 100644
index 000000000..e0e46525b
--- /dev/null
+++ b/changelog.d/check-attachment-attribution.security
@@ -0,0 +1 @@
+CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
author	Mint <mint@plagu.ee>	2023-09-02 01:43:25 +0300
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2023-09-03 11:19:13 +0200
commit	535a5ecad04c9c49105a77e7025fe9f4b4d23ba6 (patch)
tree	a1e41c9b4ec0c11380e534eb116e5385e88ca73a /changelog.d/check-attachment-attribution.security
parent	1f4be2b3495b6df03843f923a53aff5913e1ef0d (diff)
download	pleroma-535a5ecad04c9c49105a77e7025fe9f4b4d23ba6.tar.gz pleroma-535a5ecad04c9c49105a77e7025fe9f4b4d23ba6.zip