Project

General

Profile

Actions
Copy link

Bug #6505

closed

It is possible to send an inventory as root

Added by Benoît PECCATTE over 9 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
3.1.19
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

It is possible to input a fake UUID in the inventory
If this UUID is root, it is possible to change some parameters on the server

Actions
Copy link
 #1

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.10.14 to 2.10.15
Actions
Copy link
 #2

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.10.15 to 2.10.16
Actions
Copy link
 #3

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.10.16 to 2.10.17
Actions
Copy link
 #4

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.17 to 2.10.18
Actions
Copy link
 #5

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.18 to 2.10.19
Actions
Copy link
 #6

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 2.10.19 to 2.10.20
Actions
Copy link
 #7

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.10.20 to 277
Actions
Copy link
 #8

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 277 to 2.11.18
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 2.11.18 to 2.11.19
Actions
Copy link
 #10

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.19 to 2.11.20
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.20 to 2.11.21
Actions
Copy link
 #12

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.21 to 2.11.22
Actions
Copy link
 #13

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.22 to 2.11.23
Actions
Copy link
 #14

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.23 to 2.11.24
Actions
Copy link
 #15

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 2.11.24 to 308
Actions
Copy link
 #16

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 308 to 3.1.14
Actions
Copy link
 #17

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.14 to 3.1.15
Actions
Copy link
 #18

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.15 to 3.1.16
Actions
Copy link
 #19

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.16 to 3.1.17
Actions
Copy link
 #20

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 3.1.17 to 3.1.18
Actions
Copy link
 #21

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 3.1.18 to 3.1.19
Actions
Copy link
 #22

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from New to Rejected

It is not possible anymore since inventories are signed.

Actions
Copy link
 #23

Updated by Alexis Mousset over 4 years ago

  • Category changed from Web - Nodes & inventories to Security
  • Priority set to 0
Actions
Copy link
 #24

Updated by Alexis Mousset over 1 year ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF