Ticket #26790 (assigned)
Anonymous users can edit tickets created by others
|Reported by:||cstrobbe||Owned by:||ctsai|
|Keywords:||ENGR NF-4829 FORGE P3||Cc:|
Recently, I have noticed that an anonymous user managed to edit feature requests that were created by a project admin. This happened in a project where feature-requests Permissions are as follows: anonymous users are allowed to READ, POST and CREATE, but not to update feature requests.
Is there a bug in SourceForge or am I overlooking a setting? This is very annoying because it is being abused by spammers.