Able to access others execution logs

Due to no way to bulk download stdout.txt files, requested feature here. I am changing URLs to get all the files I want, something like this https://analytics.katalon.com/api/v1/test-results/logs/.

Tedious and annoying way to do this where I want results from 100 machines, was OK when I was doing it before as all my numbers were pretty much in sequence.

Anyway now I have been shown others execution logs when changing the number on the end of the URL. Not all but some.

This is really bad, sensitive data could be included in these logs and it should not be possible to see others logs by just changing a URL.

Anthony said:

Due to no way to bulk download stdout.txt files, requested feature here. I am changing URLs to get all the files I want, something like this https://analytics.katalon.com/api/v1/test-results/logs/.

Tedious and annoying way to do this where I want results from 100 machines, was OK when I was doing it before as all my numbers were pretty much in sequence.

Anyway now I have been shown others execution logs when changing the number on the end of the URL. Not all but some.

This is really bad, sensitive data could be included in these logs and it should not be possible to see others logs by just changing a URL.

Hi Anthony,

Thank you for letting us know the issue. I have logged and passed it to the development team for further investigation. We very much appreciate your finding.

Regards,
Liam

Hi @967-Anthony,

We have investigated the issue.

When you changed the URL to access a log, you will be only able to see the execution log of any project that you have access to. Otherwise, you’ll received an authentication error message.

Thank you for using Katalon Analytics,
Liam

Liam B said:

Hi @967-Anthony,

We have investigated the issue.

When you changed the URL to access a log, you will be only able to see the execution log of any project that you have access to. Otherwise, you’ll received an authentication error message.

Thank you for using Katalon Analytics,
Liam

I most definitely saw others execution logs - Windows 8.1 machines where I was only using Windows 10 machines, it is rare I saw it 3 times or so. I was blocked mostly when entering a number that I should not see.

Anthony said:

Liam B said:

Hi @967-Anthony,

We have investigated the issue.

When you changed the URL to access a log, you will be only able to see the execution log of any project that you have access to. Otherwise, you’ll received an authentication error message.

Thank you for using Katalon Analytics,
Liam

I most definitely saw others execution logs - Windows 8.1 machines where I was only using Windows 10 machines, it is rare I saw it 3 times or so. I was blocked mostly when entering a number that I should not see.

Anthony,

The Katalon Team promises to protect your data. Your security is important to us, and we want to make sure this issue is investigated properly.

We want to ask you a couple of questions. First, what was the URL you used to access the output? Would you happen to have those links still? Second, because you cannot see the machine information in stdout.txt, where did you find the machine information. Please send me a private message so the team could further investigate the issue.

Thank you for your feedback.

Best regards,
Liam