Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Commit [f36ef5] Maximize Restore History

Stop cgi-bin/status.c from listing unauthorized hosts and services in servicegroup view

Several servicegroup views (overview, summary, grid) in cgi-bin/status.c
list all hosts and services within a servicegroup. This is a security
issue, as hosts and services (at least their names) are leaked to
unauthorized users. Instead, the lists of hosts and services must contain
only objects that the user is authorized to see.

This patch fixes the servicegroup overview, summary and grid views to
list only hosts and services that the user is authorized to see.

Signed-off-by: Andreas Ericsson <ae@op5.se>

Jonas Meurer Jonas Meurer 2013-06-26

Andreas Ericsson Andreas Ericsson 2013-09-04

changed cgi
changed cgi/status.c
cgi
Directory.
cgi/status.c Diff Switch to side-by-side view
Loading...