Users should not have access to view all machine IDs on web UI #11

Open
@Snuupy

Describe the bug

Currently, users can view all machine IDs even if they should not have access to them. Although machines are protected with passwords, this still exposes metadata that should not be exposed, leaking information (though hopefully your users are not your adversaries!).

This also applies to the groups tab in the RustDesk app.

Describe the environment

Not relevant, but docker compose, latest

How to Reproduce the bug
Steps to reproduce the behavior:

  1. Create a normal non-admin user
  2. Browse devices page, see all devices listed

Expected behavior

Only devices for that individual user should be listed if they are not an admin.

Additional context

N/A

Notes

  • Please write in English only. If you provide some images in different languages, you're required to write a translation in English.
  • In any case, NEVER put here the content of your id_ed25519 file
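
The expected behavior above, sketched as an added example that is not part of the original issue or the project's code: the reported unscoped device listing next to a listing and a single-device lookup that apply the owner check server-side. The schema, table and column names, function names and sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and rows; every name here is an assumption, not the project's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        CREATE TABLE devices(machine_id TEXT PRIMARY KEY, hostname TEXT, owner_id INTEGER);
        INSERT INTO users VALUES (1,'admin',1),(2,'alice',0),(3,'bob',0);
        INSERT INTO devices VALUES ('100200300','alice-laptop',2),
                                   ('400500600','bob-desktop',3),
                                   ('700800900','alice-nas',2);
    """)
    return db

def load_user(db, user_id):
    # The caller's identity comes from the authenticated session, never from a request field.
    row = db.execute("SELECT id, is_admin FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        raise PermissionError("unknown user")
    return {"id": row[0], "is_admin": bool(row[1])}

def list_devices_unscoped(db, user_id):
    """Behaviour reported in the issue: any authenticated user receives every machine ID."""
    load_user(db, user_id)
    return [r[0] for r in db.execute("SELECT machine_id FROM devices ORDER BY machine_id")]

def list_devices_scoped(db, user_id):
    """Expected behaviour: the owner filter is part of the query unless the caller is an admin."""
    user = load_user(db, user_id)
    if user["is_admin"]:
        sql, args = "SELECT machine_id FROM devices ORDER BY machine_id", ()
    else:
        sql, args = ("SELECT machine_id FROM devices WHERE owner_id = ? "
                     "ORDER BY machine_id", (user["id"],))
    return [r[0] for r in db.execute(sql, args)]

def get_device_scoped(db, user_id, machine_id):
    """Same rule for a single lookup; not-owned and not-found both return None,
    so the response cannot be used to confirm that a machine ID exists."""
    user = load_user(db, user_id)
    row = db.execute("SELECT machine_id, hostname, owner_id FROM devices "
                     "WHERE machine_id = ?", (machine_id,)).fetchone()
    if row is None or (not user["is_admin"] and row[2] != user["id"]):
        return None
    return {"machine_id": row[0], "hostname": row[1]}
```

Hiding rows in the web UI alone would not meet the expected behavior; the same scoping has to apply to whatever endpoint backs the groups tab in the client.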
