Posted to issues@cloudstack.apache.org by "Alena Prokharchyk (JIRA)" <ji...@apache.org> on 2014/07/22 01:08:39 UTC

[jira] [Assigned] (CLOUDSTACK-6698) listResourceDetals - normal user able to list details not belonging to it

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alena Prokharchyk reassigned CLOUDSTACK-6698:
---------------------------------------------

    Assignee: Nitin Mehta  (was: Alena Prokharchyk)

Nitin, the API listResourceDetails was added by you in the 4.2 version. Can you please check if the security check was missing from the very beginning, or was it broken along the way? If it was broken from the beginning, then you should find a way to fix it in a generic manner, probably by getting account/domain info from the corresponding resources' tables.



> listResourceDetals - normal user able to list details not belonging to it
> -------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6698
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6698
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.4.0
>            Reporter: Nitin Mehta
>            Assignee: Nitin Mehta
>            Priority: Critical
>             Fix For: 4.4.0
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)