Bug #32599: auto complete search allows access to data that should not be visible according to the userrole - Foreman

Actions

Copy link

Bug #32599

open

auto complete search allows access to data that should not be visible according to the userrole

Added by Richard Stempfl almost 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Users, Roles and Permissions

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

2.3.3

Red Hat JIRA:

Description

How to recreate:
Create a role with view hosts permission and assign it to a user.
Login with that user.
Go to hosts and search for example "facts.bios_release_date"
You can see the date what should not be possible.

But since it is forbidden to call the facts tab in the host detail view, it should also be impossible to do so in the overview view

Files

Screenshot_20210311_110148.png

View Screenshot_20210311_110148.png

16 KB

Richard Stempfl, 05/14/2021 11:42 AM

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #32599

auto complete search allows access to data that should not be visible according to the userrole