ntopng/scripts/lua/rest/v2/edit
Alfredo Cardigliano 669589fe20 Fix missing authorization check in edit_blacklist.lua REST endpoint
Any authenticated user, including unprivileged accounts, could modify
threat intelligence blacklist URLs, enable/disable status, and update
intervals via POST /lua/rest/v2/edit/system/edit_blacklist.lua. Add
the same isAdministrator() guard used by the sibling
edit/category/category.lua endpoint.

GHSA-ffg5-889g-f5q8

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-16 14:53:27 +02:00
..
application (C) update 2026-01-19 16:23:53 +01:00
category (C) update 2026-01-19 16:23:53 +01:00
host Add administrator checks 2026-07-16 10:31:23 +02:00
network Add SRC/DST_SITE_ID to historical flows 2026-05-20 18:58:06 +02:00
ntopng Add Allowed Host Pools for Users, configurable in the local user settings 2026-03-04 09:31:34 +00:00
system Fix missing authorization check in edit_blacklist.lua REST endpoint 2026-07-16 14:53:27 +02:00
tag Revert "Removed vulnerability scan (#10490)" 2026-06-28 10:52:21 +00:00