Security: user can get admin token through deployments
Bug #1230542 reported by Timur Nurlygayanov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Murano | Fix Released | Critical | Unassigned |
Bug Description
*Steps to Reproduce*
1. Get a valid X-Auth-Token with admin rules
2. Via the REST API: create an environment, create a session, create any service, deploy the session
3. Get a valid X-Auth-Token with user rules
4. Get deployments info (http://
*Observed result*
In the response, the user can find the admin token:
{code} ( {'deployments': [{....'
{code}
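A regression check for this class of leak, as an added example that is not part of the original report and is not Murano's own code: it masks credential-bearing keys in a deployments response before it is serialized, and lists any that are still exposed. Only the top-level `deployments` key comes from the report; the other field names, the key list and the sample response are assumptions.

```python
# Assumption: key names treated as credentials; not taken from the Murano code base.
SENSITIVE_KEYS = {"token", "x-auth-token", "password"}
REDACTED = "*** REDACTED ***"


def _is_sensitive(key):
    return isinstance(key, str) and key.lower() in SENSITIVE_KEYS


def sanitize(obj):
    """Return a copy of obj with values under sensitive keys masked at any depth."""
    if isinstance(obj, dict):
        return {k: REDACTED if _is_sensitive(k) else sanitize(v)
                for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return [sanitize(v) for v in obj]
    return obj


def find_leaks(obj, path="$"):
    """Yield JSON-style paths of sensitive keys whose value is not masked."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            child = f"{path}.{k}"
            if _is_sensitive(k) and v != REDACTED:
                yield child
            else:
                yield from find_leaks(v, child)
    elif isinstance(obj, (list, tuple)):
        for i, v in enumerate(obj):
            yield from find_leaks(v, f"{path}[{i}]")


# Constructed sample response; every field except 'deployments' is hypothetical.
SAMPLE = {
    "deployments": [{
        "id": "dep-1",
        "state": "success",
        "description": {
            "name": "env-1",
            "token": "ADMIN-TOKEN-PLACEHOLDER",
            "services": [{"name": "svc-1", "token": "ADMIN-TOKEN-PLACEHOLDER"}],
        },
    }]
}

if __name__ == "__main__":
    print("before:", list(find_leaks(SAMPLE)))
    print("after: ", list(find_leaks(sanitize(SAMPLE))))
```

Running `find_leaks` against responses fetched with a non-admin token in an API test suite catches a reintroduced leak before release.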
Changed in murano:
importance: Undecided → Critical
status: New → Fix Committed
summary:
- Security: user can get admin token through deployments
+ Launchpad Bug #1230542: Security: user can get admin token through deployments

Changed in murano:
status: Fix Committed → Fix Released
summary:
- Launchpad Bug #1230542: Security: user can get admin token through deployments
+ Security: user can get admin token through deployments

Changed in murano:
milestone: none → 0.2.1