Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorised users can create topics #1291

Open
baldrich25 opened this issue Mar 13, 2025 · 0 comments
Open

Unauthorised users can create topics #1291

baldrich25 opened this issue Mar 13, 2025 · 0 comments
Labels
🪲 bug Something isn't working

Comments

@baldrich25
Copy link

🐞 Describe the bug
Unauthorised users can send a request to create a topic, the user is provided a 40301, however the topic is still created.

💻 Components impacted
ntfy server

💡 Screenshots and/or logs

🔮 Additional context
Using the builtin metrics server, you can monitor the count of topics on the server at a given time.

When sending unauthorised requests to publish to a topic, the user is provided a 4031 however the metric count still goes up, suggesting the topic is actually create on the server, the user just had no rights to join the topic.
@baldrich25 baldrich25 added the 🪲 bug Something isn't working label Mar 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🪲 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@baldrich25