Bug #12440: When the api authorization plugin is disabled tokens become read only - API authorizations - Issue Tracker

Custom queries

Bugs triage
CS - by priority
CS - to review
My TR
Need technical review
Open bugs (all)
Open bugs (UI - UX)
Open UX defects (all)
Opened by users

Actions

Copy link

Bug #12440

closed

When the api authorization plugin is disabled tokens become read only

Added by Benoît PECCATTE over 6 years ago. Updated almost 5 years ago.

Status:

Released

Priority:

N/A

Assignee:

Nicolas CHARLES

Target version:

5.0-1.5

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Infrequent - complex configurations | third party integrations

Effort required:

Very Small

Priority:

Name check:

Fix check:

Regression:

Description

This could be a security problem if the token had restricted read rights, the token then have full access.
The token could instead be interpreted as disabled.

Related issues 1 (0 open — 1 closed)

Related to Rudder - User story #12111: Make fine-grained API authorization a plugin

Released

François ARMAND

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by François ARMAND over 6 years ago

Related to User story #1211: Nagios Management technique added

Actions

Copy link

Updated by François ARMAND over 6 years ago

See comment/implementation on PR for #12111: https://github.com/Normation/rudder/pull/1858

Actions

Copy link

Updated by François ARMAND over 6 years ago

Related to deleted (User story #1211: Nagios Management technique)

Actions

Copy link

Updated by François ARMAND over 6 years ago

Related to User story #12111: Make fine-grained API authorization a plugin added

Actions

Copy link

Updated by Alexis Mousset over 6 years ago

Subject changed from When the api aithorization plugin is disabled tokens become read only to When the api authorization plugin is disabled tokens become read only

Actions

Copy link

Updated by Benoît PECCATTE over 6 years ago

Project changed from 53 to Rudder
Category set to 102
Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility set to Infrequent - complex configurations | third party integrations
Priority changed from 0 to 64