Bug #16552

closed

Webdav password is ignored and access is granted for all nodes in allowed networks

Added by Alexis Mousset over 4 years ago. Updated over 3 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: Reviewed
Fix check: Checked
Regression:

Description

Since Apache 2.4 and the changes in Require semantics, the allowed network and authentication are now both valid, so being in the allowed networks skips auth checks.

We need to add something like:

<RequireAll>
  <RequireAny>
    Require ip 127.0.0.1
    ...
  </RequireAny>
  Require valid-user
</RequireAll>
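
Added example, not part of the original ticket or of Rudder's code: a simplified Python model of how Apache 2.4 groups Require directives, showing that sibling `Require ip` and `Require valid-user` lines are evaluated as an implicit RequireAny while the nested form proposed above demands both. The "before" configuration, the `192.168.0.0/16` network and the function names are constructed for illustration; only the `ip` (full address or CIDR) and `valid-user` providers are modelled.

```python
import ipaddress

def parse(text):
    """Tree of Require lines and <RequireAll>/<RequireAny> blocks. The root is
    RequireAny: Apache 2.4's implicit grouping for directives outside a container."""
    root = ("any", [])
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue
        if low in ("<requireall>", "<requireany>"):
            node = (low[8:-1], [])          # "all" or "any"
            stack[-1][1].append(node)
            stack.append(node)
        elif low in ("</requireall>", "</requireany>"):
            stack.pop()
        elif low.startswith("require "):
            stack[-1][1].append(("leaf", line.split()[1:]))
        else:
            raise ValueError(f"unsupported directive: {line}")
    return root

def allowed(node, client_ip, authenticated):
    """Return True if this (simplified) authorization tree grants the request."""
    kind, body = node
    if kind == "leaf":
        if body[0].lower() == "valid-user":
            return authenticated
        if body[0].lower() == "ip":
            addr = ipaddress.ip_address(client_ip)
            return any(addr in ipaddress.ip_network(n, strict=False) for n in body[1:])
        raise ValueError(f"unsupported provider: {body[0]}")
    results = [allowed(child, client_ip, authenticated) for child in body]
    return all(results) if kind == "all" else any(results)

# Constructed sample configurations (192.168.0.0/16 is a made-up allowed network).
BEFORE = "Require ip 127.0.0.1 192.168.0.0/16\nRequire valid-user\n"
AFTER = """
<RequireAll>
  <RequireAny>
    Require ip 127.0.0.1 192.168.0.0/16
  </RequireAny>
  Require valid-user
</RequireAll>
"""
```

Calling `allowed(parse(BEFORE), "192.168.1.10", authenticated=False)` grants access, which is the behaviour this ticket reports; the same call with `AFTER` denies it.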

Actions #1

Updated by Alexis Mousset about 4 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #2

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.0.3 to 6.0.4
Actions #3

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.0.4 to 6.0.5
Actions #4

Updated by Alexis Mousset about 4 years ago

  • Status changed from In progress to Pending release
Actions #5

Updated by Alexis Mousset about 4 years ago

  • Fix check changed from To do to Checked
Actions #6

Updated by Alexis Mousset almost 4 years ago

  • Name check changed from To do to Reviewed
Actions #7

Updated by Vincent MEMBRÉ almost 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.5 which was released today.

Actions #8

Updated by Alexis Mousset almost 4 years ago

  • Category changed from Techniques to Security
Actions #9

Updated by Vincent MEMBRÉ over 3 years ago

  • Private changed from Yes to No