Bug #7584

closed

privileges abuse with page-diagnostics-dns

Added by Jeremy C. Reed over 7 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Web Interface
Target version:
Start date: 05/20/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture: All

Description

My user has the page-diagnostics-dns privilege, which provides DNS lookups
but also allowed the user to create an alias
"Created from Diagnostics-> DNS Lookup".

But now the user cannot see this alias, nor has any way to remove it
(because that needs the page-firewall-aliases privilege).

I'd suggest that the capability to do DNS lookup diagnostics shouldn't
also allow addition of aliases.

Actions #2

Updated by Jim Pingle over 7 years ago

  • Category set to Web Interface
  • Target version set to 2.4.0
  • Affected Version set to All
  • Affected Architecture All added
  • Affected Architecture deleted ()

The fix in the PR looks good to me.

Actions #3

Updated by Jim Pingle over 7 years ago

  • Status changed from New to Feedback

PR was merged

Actions #4

Updated by Jim Pingle over 7 years ago

  • Status changed from Feedback to Resolved