mistral execution-get returns a result for the wrong tenant
Bug #1749134 reported by
Ifat Afek
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mistral |
Confirmed
|
High
|
Unassigned |
Bug Description
mistral execution-get returns a valid result for an execution UUID, even if this execution belongs to another tenant.
To reproduce:
- create a workflow execution for tenant A
- for tenant A, run "mistral execution-list" and see the new execution
- for tenant B, run "mistral execution-list". The new execution is not on the list.
- for tenant B, run "mistral execution-get" with the UUID of the new execution. The execution details are returned.
Expected behavior: tenant B should not see the information of an execution created by tenant A.
Changed in mistral: | |
importance: | Undecided → High |
status: | New → Triaged |
milestone: | none → rocky-1 |
Changed in mistral: | |
milestone: | rocky-1 → rocky-2 |
Changed in mistral: | |
milestone: | rocky-2 → rocky-3 |
status: | Triaged → Confirmed |
Changed in mistral: | |
milestone: | rocky-3 → stein-1 |
Changed in mistral: | |
milestone: | stein-1 → none |
To post a comment you must log in.