Major - P3 Currently if you have renameCollectionSameDB on a database, you can rename any collection within that database. The problem is that you could potentially rename from a collection you don't have read access to to one that you do, which is potentially a security hole. We should only let renameCollectionSameDB work if you have read on source, or don't have read on dest.
Make renameCollectionSameDB only work if you have the same read permission on the source and dest collections
- Assignee:
-
Spencer Brody (Inactive)
- Reporter:
-
- Votes:
-
0 Vote for this issue - Watchers:
-
1 Start watching this issue
- Created:
- Updated:
- Resolved: