Skip to content

Security: Unauthenticated Template Creation via /template/document-templates/create#8659

Merged
AngelFQC merged 2 commits into
masterfrom
security/auto-fix-GHSA-hg2v-955j-35c3
Jun 24, 2026
Merged

Security: Unauthenticated Template Creation via /template/document-templates/create#8659
AngelFQC merged 2 commits into
masterfrom
security/auto-fix-GHSA-hg2v-955j-35c3

Conversation

@AngelFQC

@AngelFQC AngelFQC commented Jun 24, 2026

Copy link
Copy Markdown
Member

Requires the requester to be a teacher of the course that owns the referenced document (CourseVoter::EDIT, i.e. course teacher or admin) before creating a document template and flagging the document as a template, matching the isCurrentTeacher gate used in the frontend. The course is resolved from the document itself (via refDoc), so an attacker cannot authorize the action against an unrelated course supplied in cid. Closes an endpoint that previously accepted unauthenticated, attacker-controlled refDoc/cid values.

Refs GHSA-hg2v-955j-35c3

@AngelFQC AngelFQC merged commit 2c9139f into master Jun 24, 2026
3 of 12 checks passed
@AngelFQC AngelFQC deleted the security/auto-fix-GHSA-hg2v-955j-35c3 branch June 24, 2026 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant