Actions
Bug #18325
closed
Webdav allows get on inventory and reports
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:
Description
The configuration indicates that only put is allowed, but this is ignored, so and other commands are allowed along with PUT.
Consequence, it is possible with a password (ie with any accepted machine) to retrieve reports and inventories.
Updated by Benoît PECCATTE about 4 years ago
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
Updated by Benoît PECCATTE about 4 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/3256
Updated by Benoît PECCATTE about 4 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|6e975950ca18ecb1fe978838fc02c77e1009869d.
Updated by Alexis Mousset about 4 years ago
- Subject changed from Apache webdav allows get to Webdav allows get on inventory and reports
Updated by Alexis Mousset about 4 years ago
- Name check changed from To do to Reviewed
Updated by Alexis Mousset about 4 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ over 3 years ago
This bug has been fixed in Rudder 6.0.10, 6.1.6, 6.2.0~beta1 which were released by the end of October 2020.
Updated by Vincent MEMBRÉ over 3 years ago
- Status changed from Pending release to Released
Actions