Polls App shares poll link of invited users

🍱 Features & apps polls
,
1

ATTENTION! SECURITY ISSUE!
By sharing with a user a poll, the user who shares can also copy the link of the user to send the direct link directly with an other messenger for example. That’s a great option but…

…there is one security issue that allows an other user to vote for an other user by using this link. The problem is that no login is requested when using this link to access to this poll.
Until now I didn’t’t found a possibility to acces all other files of the concerned user, but I am not sure if there might be a way to do this, too.
Should we open an issue on git?

2

This is no security issue rather than a privacy/spoofing issue. It was meant for delegation purposes but will be removed in the next version 1.5.

The user is still logged in the original user and so the security functions of other apps still work and are not affected.

1 Like