CommonAPI: Prevent users from accessing media of other users

commit 1afde067b1 upstream.
2023-09-02 01:43:25 +03:00 · 2023-09-02 01:43:25 +03:00 · 535a5ecad0
commit 535a5ecad0
parent 1f4be2b349
9 changed files with 85 additions and 30 deletions
--- a/changelog.d/check-attachment-attribution.security
+++ b/changelog.d/check-attachment-attribution.security
@ -0,0 +1 @@
+CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
				`@ -0,0 +1 @@`
				`CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID`