Bug #8790

A read only account should not have access to API tokens

Added by Alexis MOUSSET over 1 year ago. Updated 7 months ago.

Status: Released
Priority: N/A
Category: Web - Config management
Target version:
Target version (plugin):
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority: 52

Description

At least until we have read-only tokens.

A read_only user can read current tokens and modify them, and gets full write access to the configuration.


Related issues

Related to Rudder - Bug #8774: Read only access to Administration allow to change some parameters Released

History

#1 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 2.11.23 to 2.11.24

#2 Updated by Alexis MOUSSET over 1 year ago

  • Category set to Web - Config management

#3 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 2.11.24 to 308

#4 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 308 to 3.1.14

#5 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.14 to 3.1.15

#6 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.15 to 3.1.16

#7 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.16 to 3.1.17

#8 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.17 to 3.1.18

#9 Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 3.1.18 to 3.1.19

#10 Updated by Benoît PECCATTE 9 months ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings

#12 Updated by Benoît PECCATTE 9 months ago

  • Priority set to 54

#13 Updated by Benoît PECCATTE 8 months ago

  • Priority changed from 54 to 53

#14 Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 3.1.19 to 3.1.20

#15 Updated by Nicolas CHARLES 8 months ago

  • Assignee set to Nicolas CHARLES

#16 Updated by Nicolas CHARLES 8 months ago

  • Status changed from New to In progress

#17 Updated by Nicolas CHARLES 8 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1640

#18 Updated by Nicolas CHARLES 8 months ago

  • Status changed from Pending technical review to Pending release

#19 Updated by Vincent MEMBRÉ 7 months ago

  • Parent task deleted (#8774)
  • Priority changed from 53 to 52

#20 Updated by Vincent MEMBRÉ 7 months ago

  • Related to Bug #8774: Read only access to Administration allow to change some parameters added

#21 Updated by Vincent MEMBRÉ 7 months ago

  • Private changed from Yes to No

#22 Updated by Vincent MEMBRÉ 7 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.
