[wp-trac] [WordPress Trac] #61143: Our rest api User listing has chances to reveal username of Administrator User "wp-json/wp/v2/users"
WordPress Trac
noreply at wordpress.org
Sat May 4 10:34:20 UTC 2024
#61143: Our rest api User listing has chances to reveal username of Administrator
User "wp-json/wp/v2/users"
--------------------------+------------------------
Reporter: hlakkad1998 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: REST API | Version: 4.7
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Changes (by swissspidy):
* status: new => closed
* focuses: rest-api, privacy =>
* severity: critical => normal
* version: 6.5 => 4.7
* milestone: Awaiting Review =>
* keywords: needs-privacy-review needs-patch =>
* resolution: => duplicate
Comment:
Duplicate of #52169.
Hi there and welcome to WordPress Trac!
[https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a
-security-issue As per our security FAQ], disclosure of usernames is not
considered to be a security issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61143#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list