Timeline provides access to private user content

 
 
I believe that there is a security vulnerability that provides users access to content on private user profiles. User story below:
 
1) While looking through photos on Luka's timeline, I came across a picture from xxbigfootguyxx that Luka commented on in the past.
 
2) xxbigfootguyxx has a private profile that does not allow users to see his content unless they have been approved as his friend. I am not on his friends list.
 
3) Upon clicking on the photo, I was able to access all of the photos in the corresponding album, even though I am not friends with xxbigfootguyxx.
 
I believe that there may be a permissions issue with the comment feature.
Posted in v2.5.0 Bug Reports on 12/22/16 at 18:25
Comments (2)
Photo album privacy is unrelated to profile privacy. If the album's privacy is set to everyone then everyone will have access to it regardless of profile privacy as they can be set independently. I hope this helps!
It does! Thank you Ryan.