Actions
Bug #12720
closed
Technique Editor may ignores some error when authenticating, leading to unauthorized access
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Technique editor
Target version:
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
A user in read-only can change techniques in the Technique Editor
User with role read_only can still update techniques
Note that the Technique Editor button is not present in this case in the Directive Tree
Updated by François ARMAND over 6 years ago
- Translation missing: en.field_tag_list set to Sponsored
- Priority changed from 76 to 108
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.2 to 4.1.13
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from New to In progress
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Pull Request set to https://github.com/Normation/rudder-packages/pull/1600
Updated by Vincent MEMBRÉ over 6 years ago
- Project changed from Rudder to 41
- Subject changed from Technique Editor does not comply to authorization to Technique Editor may ignores some error when authenticating
- Category changed from Security to Technique editor - API
- Status changed from Pending technical review to New
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from New to In progress
- Assignee changed from François ARMAND to Vincent MEMBRÉ
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
- Pull Request changed from https://github.com/Normation/rudder-packages/pull/1600 to https://github.com/Normation/ncf/pull/767
Updated by Vincent MEMBRÉ over 6 years ago
- Related to Bug #12747: apache overwrites error response from Rudder added
Updated by Rudder Quality Assistant over 6 years ago
- Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
Updated by Vincent MEMBRÉ over 6 years ago
- Subject changed from Technique Editor may ignores some error when authenticating to Technique Editor may ignores some error when authenticating, leading to unauthorized access
Updated by Vincent MEMBRÉ over 6 years ago
- Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
Updated by Rudder Quality Assistant over 6 years ago
- Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset commit:655d3e2e523ce4155244afb53e876d3646a35b17.
Updated by Vincent MEMBRÉ over 6 years ago
Applied in changeset commit:65ac84dbbbef625a4e1d214068346e4050245e61.
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from Pending release to Released
- Priority changed from 108 to 107
Updated by Alexis Mousset over 2 years ago
- Project changed from 41 to Rudder
- Category changed from Technique editor - API to Web - Technique editor
- Priority changed from 107 to 0
Actions