Bug #17266

Fix tests that depend on CVE 2016-7078

Added by Daniel Lobato Garcia over 2 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Following #16982 - there were some tests in Katello (far fewer than in Foreman due to the requirement for Orgs) that relied upon this vulnerability to work.


Related issues

Copied from Foreman - Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources (Closed, 2016-10-18)

Associated revisions

Revision 236abac4 (diff)
Added by Daniel Lobato Garcia about 2 years ago

Fixes #17266 - Fix tests that depend on CVE 2016-7078

A small number of tests in the Katello codebase depended on regular
users being able to see objects without organization/location. This is
now fixed in core through a CVE (users shouldn't view stuff they're not
scoped to see), so in order for Jenkins to pass, we need to make Katello
tests pass with it too.

History

#1 Updated by Daniel Lobato Garcia over 2 years ago

  • Copied from Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added

#2 Updated by The Foreman Bot over 2 years ago

  • Pull request https://github.com/Katello/katello/pull/6447 added

#3 Updated by Dominic Cleal over 2 years ago

  • Legacy Backlogs Release (now unused) deleted (203)

#4 Updated by Daniel Lobato Garcia over 2 years ago

  • Target version changed from 1.5.2 to 1.4.3

#5 Updated by Justin Sherrill over 2 years ago

  • Legacy Backlogs Release (now unused) set to 114

#6 Updated by The Foreman Bot over 2 years ago

  • Legacy Backlogs Release (now unused) deleted (114)

#7 Updated by Justin Sherrill over 2 years ago

  • Legacy Backlogs Release (now unused) set to 114

#8 Updated by Daniel Lobato Garcia over 2 years ago

  • Target version changed from 1.4.3 to 1.11.0

#9 Updated by The Foreman Bot about 2 years ago

  • Legacy Backlogs Release (now unused) deleted (114)

#10 Updated by Anonymous about 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#11 Updated by Eric Helms about 2 years ago

  • Legacy Backlogs Release (now unused) set to 211
