Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 11.0.0.Final
Affects Version/s: 10.1.5.Final, 11.0.0.Final
Component/s: Server
Labels:
None

Git Pull Request:
https://github.com/infinispan/infinispan/pull/8128, https://github.com/infinispan/infinispan/pull/8258

When authz is enabled, the http://localhost:11222/rest/v2/cache-managers/default/caches
does not correctly handle it and we get a
ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission

causes

ISPN-14986 CVE-2023-3629 Non-admins should not be able to get cache config via REST API

Resolved

Assignee:: Katia Aresti

Reporter:: Katia Aresti

Archiver:: Amol Dongare

Created:: 2020/03/25 12:14 PM

Updated:: 2024/07/12 8:44 PM

Resolved:: 2020/04/28 2:55 PM

Archived:: 2024/11/28 6:21 AM