Bug 1394335 - API allows fetching virtual_templates without appropriate role
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: GA
Target Release: 5.7.0
Assignee: abellott
QA Contact: Martin Kourim
URL:
Whiteboard: rest:template:security
Depends On: 1392612
Blocks:
Reported: 2016-11-11 18:07 UTC by Satoe Imaishi
Modified: 2017-01-04 13:12 UTC

Fixed In Version: 5.7.0.11
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1392612
Environment:
Last Closed: 2017-01-04 13:12:47 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHBA-2017:0012
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: CFME 5.7.0 bug fixes and enhancement update
Last Updated: 2017-01-04 17:50:36 UTC

Comment 2 Šimon Lukašík 2016-11-14 15:40:58 UTC
$ git log -1
commit b5eb7caa29c3659a6888de36946c4b01a77adb73
Author: Gregg Tanzillo <gtanzill>
Date:   Thu Nov 10 10:21:57 2016 -0500

Comment 3 Martin Kourim 2016-11-21 18:51:01 UTC
Verified by following steps outlined in the bug description.

Result:
{
  "error": {
    "kind": "forbidden",
    "message": "Use of the read action is forbidden",
    "klass": "Api::ForbiddenError"
  }
}

Status:
403

Comment 5 errata-xmlrpc 2017-01-04 13:12:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html

