2014-11-27 20:49:16 |
Timur Sufiev |
bug |
|
|
added bug |
2014-11-27 20:55:30 |
Timur Sufiev |
description |
Due to a mutable dictionary being used as the default `target` argument value, the first target calculated from scratch in the POLICY_CHECK function will be used for all subsequent calls to POLICY_CHECK with 2 arguments. The wrong `target` can lead either to a reduced set of permissions on an entity for a given user, or to an enlarged one. Due to independent policy checks at each service side, this doesn't pose a serious security breach, but can lead to weird UX behaviour. |
Due to a mutable dictionary being used as the default `target` argument value, the first target calculated from scratch in the POLICY_CHECK function will be used for all subsequent calls to POLICY_CHECK with 2 arguments. The wrong `target` can lead either to a reduced set of permissions on an entity for a given user, or to an enlarged one. Due to independent policy checks at each service side, this doesn't pose a serious security breach, but can lead to weird UX behaviour.
This is a clone of an upstream security bug. |
|
2014-11-28 09:45:21 |
Timur Sufiev |
mos: status |
New |
Fix Committed |
|
2014-11-28 09:45:25 |
Timur Sufiev |
mos: milestone |
|
6.0 |
|
2014-11-28 13:57:39 |
Dmitry Mescheryakov |
nominated for series |
|
mos/5.1.x |
|
2014-11-28 13:57:39 |
Dmitry Mescheryakov |
bug task added |
|
mos/5.1.x |
|
2014-11-28 13:57:57 |
Dmitry Mescheryakov |
mos/5.1.x: assignee |
|
MOS Horizon (mos-horizon) |
|
2014-11-28 14:17:23 |
Dmitry Mescheryakov |
mos/5.1.x: status |
New |
Triaged |
|
2014-11-28 14:17:25 |
Dmitry Mescheryakov |
mos/5.1.x: importance |
Undecided |
High |
|
2014-11-28 14:17:28 |
Dmitry Mescheryakov |
mos/5.1.x: milestone |
|
5.1.2 |
|
2014-12-01 16:29:13 |
Timur Sufiev |
information type |
Private Security |
Public |
|
2015-02-02 16:00:11 |
Vitaly Sedelnik |
mos/5.1.x: assignee |
MOS Horizon (mos-horizon) |
MOS Sustaining (mos-sustaining) |
|
2015-03-03 19:27:42 |
Alex Ermolov |
nominated for series |
|
mos/5.1.1-updates |
|
2015-03-03 19:27:42 |
Alex Ermolov |
bug task added |
|
mos/5.1.1-updates |
|
2015-03-03 19:27:48 |
Alex Ermolov |
mos/5.1.1-updates: milestone |
|
5.1.1-updates |
|
2015-03-04 09:22:51 |
Alex Ermolov |
mos/5.1.1-updates: status |
New |
Confirmed |
|
2015-03-04 09:22:54 |
Alex Ermolov |
mos/5.1.1-updates: importance |
Undecided |
High |
|
2015-03-04 10:38:05 |
Vitaly Sedelnik |
mos/5.1.1-updates: assignee |
|
MOS Sustaining (mos-sustaining) |
|
2015-03-10 15:48:46 |
Alex Ermolov |
bug task deleted |
mos/5.1.1-updates |
|
|
2015-03-10 18:31:35 |
Alex Ermolov |
nominated for series |
|
mos/5.1.1-updates |
|
2015-03-10 18:31:35 |
Alex Ermolov |
bug task added |
|
mos/5.1.1-updates |
|
2015-03-10 18:31:51 |
Alex Ermolov |
mos/5.1.1-updates: milestone |
|
5.1.1-updates |
|
2015-03-10 18:32:19 |
Alex Ermolov |
mos/5.1.1-updates: assignee |
|
MOS Sustaining (mos-sustaining) |
|
2015-03-10 18:32:24 |
Alex Ermolov |
mos/5.1.1-updates: importance |
Undecided |
High |
|
2015-03-10 18:32:27 |
Alex Ermolov |
mos/5.1.1-updates: status |
New |
Invalid |
|
2015-09-26 10:00:21 |
Vitaly Sedelnik |
mos/5.1.x: status |
Triaged |
Invalid |
|