Bug #18325
closed
Webdav allows get on inventory and reports
Added by Benoît PECCATTE almost 4 years ago.
Updated 11 months ago.
Description
The configuration indicates that only put is allowed, but this is ignored, so and other commands are allowed along with PUT.
Consequence, it is possible with a password (ie with any accepted machine) to retrieve reports and inventories.
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/3256
- Status changed from Pending technical review to Pending release
- Subject changed from Apache webdav allows get to Webdav allows get on inventory and reports
- Name check changed from To do to Reviewed
- Fix check changed from To do to Checked
This bug has been fixed in Rudder 6.0.10, 6.1.6, 6.2.0~beta1 which were released by the end of October 2020.
- Status changed from Pending release to Released
- Private changed from Yes to No
Also available in: Atom
PDF