Project

General

Profile

Actions

Bug #15236

closed

Bug #14866: It is possible to download policies from any Windows node knowing its id by getting a forged inventory accepted

New node inventories without certificate aren't accepted anymore

Added by François ARMAND over 5 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Nodes & inventories
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
92
Name check:
To do
Fix check:
Checked
Regression:

Description

When a new node without a certificate sends its inventory, rudder refuse to process it with the message:

[2019-07-17 08:31:57] INFO  inventory-processing - Watch new inventory file 'agent1-baded9c8-902e-4404-96c1-278acca64e3a.ocs' with signature available: process.
[2019-07-17 08:31:57] ERROR inventory-processing - Error when trying to process inventory 'agent1-baded9c8-902e-4404-96c1-278acca64e3a.ocs' <- Error when trying to check inventory key for Node 'baded9c8-902e-4404-96c1-278acca64e3a' <- Could not find Node baded9c8-902e-4404-96c1-278acca64e3a
Actions #1

Updated by François ARMAND over 5 years ago

  • Status changed from New to In progress
Actions #2

Updated by François ARMAND over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2316
Actions #3

Updated by Rudder Quality Assistant over 5 years ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
Actions #4

Updated by François ARMAND over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by François ARMAND over 5 years ago

  • Priority changed from 94 to 93
  • Fix check changed from To do to Checked
Actions #6

Updated by François ARMAND over 5 years ago

checked: I can accept nodes with historic (default in 5.0) cfengine signature.

Actions #7

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released
  • Priority changed from 93 to 92

This bug has been fixed in Rudder 5.0.13 which was released today.

Actions

Also available in: Atom PDF