Bug #17266
Fix tests that depend on CVE 2016-7078
Difficulty:
Triaged:
Yes
Team Backlog:
Fixed in Releases:
Found in Releases:
Description
Following #16982 - there were some tests in Katello (much less than in Foreman due to the requirement for Orgs) that relied upon this vulnerability to work.
Related issues
Associated revisions
History
#1
Updated by Daniel Lobato Garcia over 2 years ago
Updated by - Copied from Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added
#2
Updated by The Foreman Bot over 2 years ago
Updated by - Pull request https://github.com/Katello/katello/pull/6447 added
#3
Updated by Dominic Cleal over 2 years ago
Updated by - Legacy Backlogs Release (now unused) deleted (
203)
#4
Updated by Daniel Lobato Garcia over 2 years ago
- Target version changed from 1.5.2 to 1.4.3
#5
Updated by Justin Sherrill over 2 years ago
Updated by - Legacy Backlogs Release (now unused) set to 114
#6
Updated by The Foreman Bot over 2 years ago
- Legacy Backlogs Release (now unused) deleted (
114)
#7
Updated by Justin Sherrill over 2 years ago
- Legacy Backlogs Release (now unused) set to 114
#8
Updated by Daniel Lobato Garcia over 2 years ago
- Target version changed from 1.4.3 to 1.11.0
#9
Updated by The Foreman Bot over 2 years ago
- Legacy Backlogs Release (now unused) deleted (
114)
#10
Updated by Anonymous over 2 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|236abac4f8df9ed7f74a2710646e1ffa01669d26.
#11
Updated by Eric Helms over 2 years ago
Updated by - Legacy Backlogs Release (now unused) set to 211
Fixes #17266 - Fix tests that depend on CVE 2016-7078
A small number of tests in the Katello codebase depended on regular
users being able to see objects without organization/location. This is
now fixed in core through a CVE (users shouldn't view stuff they're not
scoped to see), so in order for Jenkins to pass, we need to make Katello
tests pass with it too.