First Last Prev Next    This bug is not in your last search results.
Bug 994880 - Activity Server allows to run any JPQL query statement over REST API
Activity Server allows to run any JPQL query statement over REST API
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: RT Governance (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER1
: ---
Assigned To: Gary Brown
Jiri Sedlacek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-08 03:57 EDT by Jiri Pechanec
Modified: 2015-08-02 19:44 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-06 10:27:05 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RTGOV-244 Major Closed Activity Server allows to run any JPQL query statement over REST API 2014-07-02 05:19:32 EDT

  None (edit)
Description Jiri Pechanec 2013-08-08 03:57:38 EDT 
http://localhost:8080/overlord-rtgov/activity/query allow to execute virtually any JPQL query over Activity Server database.

This might pose a security risk in the future so I propose a review by security team
Comment 1 Gary Brown 2013-08-08 04:09:25 EDT 
Given that the operation is 'query' I am happy to restrict it to SELECT statements.
Comment 3 Jiri Pechanec 2013-09-16 05:55:47 EDT 
Verified in ER2
Comment 7 JBoss JIRA Server 2014-07-02 05:19:32 EDT 
Gary Brown <gary@brownuk.com> updated the status of jira RTGOV-244 to Closed
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.