Bug #12720

closed

Technique Editor may ignore some error when authenticating, leading to unauthorized access

Added by Nicolas CHARLES almost 7 years ago. Updated almost 3 years ago.

Status: Released
Priority: N/A
Category: Web - Technique editor
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority: 0
Name check:
Fix check:
Regression:

Description

A user in read-only can change techniques in the Technique Editor.
A user with role read_only can still update techniques.
Note that the Technique Editor button is not present in this case in the Directive Tree.


Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #12747: apache overwrites error response from Rudder (Released, Benoît PECCATTE)
#1

Updated by François ARMAND almost 7 years ago

  • Tag list set to Sponsored
  • Priority changed from 76 to 108
#2

Updated by Vincent MEMBRÉ almost 7 years ago

  • Target version changed from 4.3.2 to 4.1.13
#3

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from New to In progress
#4

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1600
#5

Updated by Vincent MEMBRÉ almost 7 years ago

  • Project changed from Rudder to 41
  • Subject changed from Technique Editor does not comply to authorization to Technique Editor may ignore some error when authenticating
  • Category changed from Security to Technique editor - API
  • Status changed from Pending technical review to New
#6

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from New to In progress
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
#7

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
  • Pull Request changed from https://github.com/Normation/rudder-packages/pull/1600 to https://github.com/Normation/ncf/pull/767
#8

Updated by Vincent MEMBRÉ almost 7 years ago

  • Related to Bug #12747: apache overwrites error response from Rudder added
#9

Updated by Rudder Quality Assistant almost 7 years ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
#10

Updated by Vincent MEMBRÉ almost 7 years ago

  • Subject changed from Technique Editor may ignore some error when authenticating to Technique Editor may ignore some error when authenticating, leading to unauthorized access
#11

Updated by Vincent MEMBRÉ almost 7 years ago

  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
#12

Updated by Rudder Quality Assistant almost 7 years ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
#13

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from Pending technical review to Pending release
#15

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from Pending release to Released
  • Priority changed from 108 to 107
#16

Updated by Alexis Mousset almost 3 years ago

  • Project changed from 41 to Rudder
  • Category changed from Technique editor - API to Web - Technique editor
  • Priority changed from 107 to 0