mistral execution-get returns a result for the wrong tenant
Bug #1749134 reported by
Ifat Afek
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mistral |
Confirmed
|
High
|
Unassigned | ||
Bug Description
mistral execution-get returns a valid result for an execution UUID, even if this execution belongs to another tenant.
To reproduce:
- create a workflow execution for tenant A
- for tenant A, run "mistral execution-list" and see the new execution
- for tenant B, run "mistral execution-list". The new execution is not on the list.
- for tenant B, run "mistral execution-get" with the UUID of the new execution. The execution details are returned.
Expected behavior: tenant B should not see the information of an execution created by tenant A.
| Changed in mistral: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| milestone: | none → rocky-1 |
| Changed in mistral: | |
| milestone: | rocky-1 → rocky-2 |
| Changed in mistral: | |
| milestone: | rocky-2 → rocky-3 |
| status: | Triaged → Confirmed |
| Changed in mistral: | |
| milestone: | rocky-3 → stein-1 |
| Changed in mistral: | |
| milestone: | stein-1 → none |
To post a comment you must log in.
