AB Tests accessible to anonymous users (Security Issue)

Found in

EPiServer.Marketing.Testing 2.5.12

Fixed in

EPiServer.Marketing.Testing 2.6.0

(Or a related package)

Created

Apr 24, 2020

Updated

May 14, 2020

State

Closed, Fixed and tested


Description

Steps to reproduce:
1. On an Alloy site, make a change to a page and create an AB test.
2. Create a new tab in incognito mode.
3. Go to www.yoursite.com/api/episerver/Testing.

Expected:
An unauthenticated user should not be able to see the tests.

Actual:
The tests are visible even when the user is not authenticated.