Project

General

Profile

Bug #12720

Technique Editor may ignores some error when authenticating, leading to unauthorized access

Added by Nicolas CHARLES 12 months ago. Updated 10 months ago.

Status:
Released
Priority:
N/A
Category:
Technique editor - API
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
107
Tags:

Description

A user in read-only can change techniques in the Technique Editor
User with role read_only can still update techniques
Note that the Technique Editor button is not present in this case in the Directive Tree


Related issues

Related to Rudder - Bug #12747: apache overwrites error response from RudderReleasedActions

Associated revisions

Revision 655d3e2e (diff)
Added by Vincent MEMBRÉ 12 months ago

Fixes #12720: Technique Editor may ignores some error when authenticating

Revision 65ac84db (diff)
Added by Vincent MEMBRÉ 12 months ago

Fixes #12720: Technique Editor may ignores some error when authenticating, leading to unauthorized access

History

#1

Updated by François ARMAND 12 months ago

  • Tags set to Sponsored
  • Priority changed from 76 to 108
#2

Updated by Vincent MEMBRÉ 12 months ago

  • Target version changed from 4.3.2 to 4.1.13
#3

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from New to In progress
#4

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1600
#5

Updated by Vincent MEMBRÉ 12 months ago

  • Project changed from Rudder to ncf
  • Subject changed from Technique Editor does not comply to authorization to Technique Editor may ignores some error when authenticating
  • Category changed from Security to Technique editor - API
  • Status changed from Pending technical review to New
#6

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from New to In progress
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
#7

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
  • Pull Request changed from https://github.com/Normation/rudder-packages/pull/1600 to https://github.com/Normation/ncf/pull/767
#8

Updated by Vincent MEMBRÉ 12 months ago

  • Related to Bug #12747: apache overwrites error response from Rudder added
#9

Updated by Rudder Quality Assistant 12 months ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
#10

Updated by Vincent MEMBRÉ 12 months ago

  • Subject changed from Technique Editor may ignores some error when authenticating to Technique Editor may ignores some error when authenticating, leading to unauthorized access
#11

Updated by Vincent MEMBRÉ 12 months ago

  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
#12

Updated by Rudder Quality Assistant 12 months ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
#13

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from Pending technical review to Pending release
#15

Updated by Vincent MEMBRÉ 10 months ago

  • Status changed from Pending release to Released
  • Priority changed from 108 to 107

This bug has been fixed in Rudder 4.1.13, 4.2.7 and 4.3.3 which were released today.

Also available in: Atom PDF