Bug 1794713 - [ceph-dashboard] read-only user can display RGW API keys
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Ceph-Dashboard
Version: 4.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: 4.1
Assignee: Alfonso Martínez
QA Contact: Sunil Angadi
Anjana Suparna Sriram
URL:
Whiteboard: wip
Depends On:
Blocks:
Reported: 2020-01-24 12:23 UTC by Alfonso Martínez
Modified: 2020-05-19 17:32 UTC (History)

Fixed In Version: ceph-14.2.8-9.el8, ceph-14.2.8-7.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-19 17:32:06 UTC
Embargoed:
hyelloji: needinfo-


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Ceph Project Bug Tracker | 44375 | 0 | None | None | None | 2020-03-02 14:33:22 UTC
Github | ceph ceph pull 33665 | 0 | None | closed | nautilus: mgr/dashboard: do not show RGW API keys if only read-only privileges | 2020-05-13 20:23:49 UTC
Red Hat Product Errata | RHSA-2020:2231 | 0 | None | None | None | 2020-05-19 17:32:51 UTC

Description Alfonso Martínez 2020-01-24 12:23:47 UTC
Description of problem:
read-only user can display RGW API keys

Version-Release number of selected component (if applicable):
RHCS 4

How reproducible:
Always

Steps to Reproduce:
1. Create user with read-only role.
2. Select any user's "Keys" tab.
3. Click on 'Show': you can see keys.

Actual results:
You can see keys.

Expected results:
Read-only user should not see this info.

Additional info:
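
Added example, not part of the original report and not the Ceph dashboard's own code: a server-side check that drops credential fields from an RGW user record unless the caller holds more than read access, so the keys never reach a read-only session regardless of what the UI renders. The scope name `rgw`, the permission names, the field names `keys` and `swift_keys`, and the functions `keys_allowed` and `serialize_rgw_user` are assumptions made for illustration.

```python
from copy import deepcopy

# Assumed names of the record fields that carry credentials (S3 and Swift keys).
SECRET_FIELDS = ("keys", "swift_keys")
# Assumed permission names: holding any of these means the caller manages users.
EDIT_PERMISSIONS = {"create", "update", "delete"}


def keys_allowed(permissions):
    """True only if the caller can read AND modify objects in the rgw scope."""
    rgw = set(permissions.get("rgw", ()))
    return "read" in rgw and bool(rgw & EDIT_PERMISSIONS)


def serialize_rgw_user(user, permissions):
    """Return the user record the API should send to this caller.

    Credentials are removed on the server, so hiding a 'Show' button
    in the front end is never the only control.
    """
    if "read" not in permissions.get("rgw", ()):
        raise PermissionError("no read access to the rgw scope")
    record = deepcopy(user)  # never mutate the stored record
    if not keys_allowed(permissions):
        for field in SECRET_FIELDS:
            record.pop(field, None)
    return record


# Constructed sample data: not real credentials.
SAMPLE_USER = {
    "user_id": "alice",
    "display_name": "Alice",
    "keys": [{"user": "alice", "access_key": "EXAMPLEACCESSKEY",
              "secret_key": "example-secret"}],
    "swift_keys": [{"user": "alice:swift", "secret_key": "example-swift-secret"}],
}
READ_ONLY = {"rgw": ["read"]}
RGW_MANAGER = {"rgw": ["read", "create", "update", "delete"]}

if __name__ == "__main__":
    print(serialize_rgw_user(SAMPLE_USER, READ_ONLY))    # no key fields
    print(serialize_rgw_user(SAMPLE_USER, RGW_MANAGER))  # key fields present
```
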

Comment 1 RHEL Program Management 2020-01-24 12:23:53 UTC
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 9 errata-xmlrpc 2020-05-19 17:32:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:2231

