Cross-tenant URL signing

Steps to reproduce

Both the URL Signing REST Endpoint and the External API - Security Endpoint can be used by authorized users to sign URLs.
Since signing keys do not belong to specific organizations (tenants), any authorized user can indirectly use any signing key.

In other words: an authorized user of organization A can sign URLs of organization B, which allows organization A to access distribution artefacts of organization B.
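
An added example, not part of the original report or the project's code: a minimal signer that contrasts key selection without a tenant check against one that binds each key to an organization. The key table, the prefix-based key lookup, the query parameter names and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: key ids, secrets, organizations and URL prefixes
# are hypothetical and exist only for this illustration.
KEYS = {
    "key-a": {"secret": b"secret-a", "org": "org-a",
              "prefix": "https://dist.example/org-a/"},
    "key-b": {"secret": b"secret-b", "org": "org-b",
              "prefix": "https://dist.example/org-b/"},
}


def _key_for(url):
    """Select the key whose URL prefix covers the URL (assumed lookup rule)."""
    for key_id, key in KEYS.items():
        if url.startswith(key["prefix"]):
            return key_id, key
    raise LookupError("no signing key covers this URL")


def _sign(url, key_id, key, valid_until):
    """Append an HMAC-SHA256 signature over the URL and its expiry time."""
    policy = f"{url}|{valid_until}".encode()
    sig = hmac.new(key["secret"], policy, hashlib.sha256).hexdigest()
    sep = "&" if urlsplit(url).query else "?"
    return f"{url}{sep}keyId={key_id}&validUntil={valid_until}&signature={sig}"


def sign_unscoped(user_org, url, valid_until):
    """Behaviour described in the report: the caller's organization is
    never compared with the key, so any authorized user can use any key."""
    key_id, key = _key_for(url)
    return _sign(url, key_id, key, valid_until)


def sign_scoped(user_org, url, valid_until):
    """Tenant-aware variant: refuse to sign unless the selected key
    belongs to the caller's organization."""
    key_id, key = _key_for(url)
    if key["org"] != user_org:
        raise PermissionError(f"{user_org} may not use signing key {key_id}")
    return _sign(url, key_id, key, valid_until)
```
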

Activity

Sven Stauber
December 4, 2017, 8:16 AM

Yes, it is ready for review.

Fixed and reviewed

Assignee

Sven Stauber

Reporter

Sven Stauber

Severity

Security