Bug #19704

Upcoming security fix in Foreman breaks KeepCurrentUser middleware

Added by Marek Hulán over 3 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Foreman plugin
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Katello test failures revealed that the KeepCurrentUser middleware can fail when the stored user is an admin. It seems that the org/loc scope is not restored, and the admin won't be found once the change from #19612 is present (planned for Foreman 1.15.1).


Related issues

Related to Foreman - Bug #19612: CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization (Closed, 2017-05-22)
Related to Katello - Bug #19664: Upcoming security fix in Foreman breaks Katello tests (Closed, 2017-05-25)
Related to Katello - Bug #20040: Can't create new product (Resolved, 2017-06-18)

Associated revisions

Revision 7bf3537d (diff)
Added by Marek Hulán over 3 years ago

Fixes #19704 - load users from any context

History

#1 Updated by Marek Hulán over 3 years ago

  • Related to Bug #19612: CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization added

#2 Updated by Marek Hulán over 3 years ago

  • Related to Bug #19664: Upcoming security fix in Foreman breaks Katello tests added

#3 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-tasks/pull/252 added

#4 Updated by Marek Hulán over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Ivan Necas over 3 years ago

  • Legacy Backlogs Release (now unused) set to 252

#6 Updated by Enrico Mingardo over 3 years ago

  • Related to Bug #20040: Can't create new product added
