Bug #12720: Technique Editor may ignores some error when authenticating, leading to unauthorized access - Rudder - Issue Tracker

Actions

Copy link

Bug #12720

closed

Technique Editor may ignores some error when authenticating, leading to unauthorized access

Added by Nicolas CHARLES over 6 years ago. Updated over 2 years ago.

Status:

Released

Priority:

N/A

Assignee:

Vincent MEMBRÉ

Category:

Web - Technique editor

Target version:

4.1.13

Pull Request:

https://github.com/Normation/ncf/pull...

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Operational - other Techniques | Technique editor | Rudder settings

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

A user in read-only can change techniques in the Technique Editor
User with role read_only can still update techniques
Note that the Technique Editor button is not present in this case in the Directive Tree

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #12720

Technique Editor may ignores some error when authenticating, leading to unauthorized access

Updated by François ARMAND over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Rudder Quality Assistant over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Rudder Quality Assistant over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Alexis Mousset over 2 years ago