Bug #18325
closed
Webdav allows get on inventory and reports
Added by Benoît PECCATTE over 3 years ago.
Updated 9 months ago.
Description
The configuration indicates that only put is allowed, but this is ignored, so and other commands are allowed along with PUT.
Consequence, it is possible with a password (ie with any accepted machine) to retrieve reports and inventories.
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/3256
- Status changed from Pending technical review to Pending release
- Subject changed from Apache webdav allows get to Webdav allows get on inventory and reports
- Name check changed from To do to Reviewed
- Fix check changed from To do to Checked
This bug has been fixed in Rudder 6.0.10, 6.1.6, 6.2.0~beta1 which were released by the end of October 2020.
- Status changed from Pending release to Released
- Private changed from Yes to No
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by