New issue
Advanced search Search tips

Issue 760550 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Google Docs

Reported by daniel.n...@masenainvest.com, Aug 30 2017 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
you can send an edit url to yourself in an view only doc and when you open this url you are able to edit the view only doc!!
VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: i'am using a iMac

REPRODUCTION CASE

in the zip file
Archief.zip
386 KB Download

Comment 1 by elawrence@chromium.org, Aug 30 2017

Status: WontFix (was: Unconfirmed)
Thanks for the report-- Unfortunately, this bug tracker tracks only security vulnerabilities in Google Chrome, but you're attempting to report an issue in Google docs.

To submit a vulnerability in Google Docs, please visit
https://www.google.com/appserve/security-bugs/new

Rather than screenshots, it would be helpful to explain, step-by-step, what you do to execute your attack. From the screenshots, it looks like you are merely changing the sharing settings from 'View' to 'Edit', an operation that should be available to the owner/creator of the document.
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 7 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment