Uploaded image for project: 'Couchbase Gateway'
  1. Couchbase Gateway
  2. CBG-2850

[3.0.7 backport] Avoid leaking information about database existence on public API

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.0.7
    • 3.0.5
    • SyncGateway
    • Security Level: Public
    • None
    • CBG Sprint 120
    • 3

    Description

      Requesting a db endpoint as a non-existent user returns a different result depending on whether the database exists.  

      An existing database returns a 401, while a non-existing database returns a 404.

      It should return a 401 in both cases.  

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            tor.colvin Tor Colvin
            tor.colvin Tor Colvin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty