Security: user can get admin token through deployments
Bug #1230542 reported by
Timur Nurlygayanov
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Murano |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
*Step To Reproduce*
1. Get valid X-Auth-Token with admin rules
2. Via REST API: Create environment, create session, create any service, deploy session
3. Get valid X-Auth-Token with user rules
4. Get deployments info (http://
*Observed result*
In response user can find admin token:
{code} ( {'deployments': [{....'
{code}
| Changed in murano: | |
| importance: | Undecided → Critical |
| status: | New → Fix Committed |
| summary: |
- Security: user can get admin token through deployments + Launchpad Bug #1230542: Security: user can get admin token through + deployments |
| Changed in murano: | |
| status: | Fix Committed → Fix Released |
| summary: |
- Launchpad Bug #1230542: Security: user can get admin token through - deployments + Security: user can get admin token through deployments |
| Changed in murano: | |
| milestone: | none → 0.2.1 |
To post a comment you must log in.
