Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 14.0.18.Final, 15.0.0.Dev04
Affects Version/s: 15.0.0.Dev01, 14.0.11.Final
Component/s: REST
Labels:
None

Git Pull Request:
https://github.com/infinispan/infinispan/pull/11319, https://github.com/infinispan/infinispan/pull/11320

Description

The REST bulk read endpoints:

/rest/v2/caches/{cacheName}?action=keys
/rest/v2/caches/{cacheName}?action=entries

use the cluster publisher, which is an internal component which doesn't check that the subject has bulk read permissions

The methods require authentication, but once authenticated, any user can invoke them successfully.

Attachments

Activity

People

Assignee:: Tristan Tarrant

Reporter:: Tristan Tarrant

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023/06/22 4:46 AM

Updated:: 2023/09/28 4:05 PM

Resolved:: 2023/09/28 4:05 PM