Commit [f36ef5]  Maximize  Restore  History

Stop cgi-bin/status.c from listing unauthorized hosts and services in servicegroup view

Several servicegroup views (overview, summary, grid) in cgi-bin/status.c
list all hosts and services within a servicegroup. This is a security
issue, as hosts and services (at least their names) are leaked to
unauthorized users. Instead, the lists of hosts and services must contain
only objects that the user is authorized to see.

This patch fixes the servicegroup overview, summary and grid views to
list only hosts and services that the user is authorized to see.

Signed-off-by: Andreas Ericsson <ae@op5.se>

Jonas Meurer Jonas Meurer 2013-06-26

Andreas Ericsson Andreas Ericsson 2013-09-04

changed cgi/status.c
cgi/status.c Diff Switch to side-by-side view
Loading...

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks