[Weak UI/UX] - When starting a discussion, 'Start Discussion' disabled, no obvious reason why #16554
Unanswered
YoloClin
asked this question in
Discussions
Replies: 1 comment 1 reply
-
For those playing at home this is unrelated to my original post, there's no way to communicate on the referenced CVE. @Gauravp-NEC From memory I tried 2.2.x and 2.10.0, the relevant logic for code exec traces back to 2.2.x, there are other issues related to the API that mean that not only is it RCE, it's also (for unrelated reasons) a DoS and Dataset disclosure weakness. CKAN no longer support 2.7.x as far as I can tell, so I would suggest patching regardless. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
To reproduce:
This caught me, I found myself hacking HTML to understand why I couldn't start a discussion. I didn't see the category drop-down, which is user error but something that could be avoided. A better UX would be a hover message or to let the user click the button and tell them why, or just to remove the disabled flag and let JS validation execute (this looks like it might have behaved like that at some point).
Beta Was this translation helpful? Give feedback.
All reactions