Project

General

Profile

Actions

Bug #6505

closed

It is possible to send an inventory as root

Added by Benoît PECCATTE about 9 years ago. Updated 9 months ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

It is possible to input a fake UUID in the inventory
If this UUID is root, it is possible to change some parameters on the server

Actions #1

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.10.14 to 2.10.15
Actions #2

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.10.15 to 2.10.16
Actions #3

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.16 to 2.10.17
Actions #4

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.17 to 2.10.18
Actions #5

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.18 to 2.10.19
Actions #6

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.19 to 2.10.20
Actions #7

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.10.20 to 277
Actions #8

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 277 to 2.11.18
Actions #9

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.18 to 2.11.19
Actions #10

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 2.11.19 to 2.11.20
Actions #11

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 2.11.20 to 2.11.21
Actions #12

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 2.11.21 to 2.11.22
Actions #13

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 2.11.22 to 2.11.23
Actions #14

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 2.11.23 to 2.11.24
Actions #15

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 2.11.24 to 308
Actions #16

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 308 to 3.1.14
Actions #17

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.14 to 3.1.15
Actions #18

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.15 to 3.1.16
Actions #19

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.16 to 3.1.17
Actions #20

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.17 to 3.1.18
Actions #21

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 3.1.18 to 3.1.19
Actions #22

Updated by Benoît PECCATTE about 7 years ago

  • Status changed from New to Rejected

It is not possible anymore since inventories are signed.

Actions #23

Updated by Alexis Mousset almost 4 years ago

  • Category changed from Web - Nodes & inventories to Security
  • Priority set to 0
Actions #24

Updated by Alexis Mousset 9 months ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF