Bug #3481

vdcadmin user->VMs table shows other users' VMs

Added by Bill Cole over 6 years ago. Updated over 6 years ago.

Status:ClosedStart date:12/29/2014
Priority:NormalDue date:
Assignee:Daniel Molina% Done:

100%

Category:Sunstone
Target version:Release 4.10.2
Resolution:fixed Pull request:
Affected Versions:OpenNebula 4.10

Description

When using the vdcadmin view as oneadmin, the table of summary VM info for any user whose id is a substring of another user's id will include blocks for the other user's VMs. This is most readily demonstrated with the 'serveradmin' user (by default, id=1) with other users in the range 10-19.

This seems to be mostly cosmetic, as normal permissions and ACLs appear to prevent unprivileged users from being shown other users' VMs, but it is an indication of potentially risky code being used to identify VM ownership.

Associated revisions

Revision 7cc45141
Added by Daniel Molina over 6 years ago

bug #3481: Use regex to filter user resources

Revision e67f6718
Added by Daniel Molina over 6 years ago

bug #3481: Use regex to filter user resources

(cherry picked from commit 7cc45141f6e478c1d37a8c5861201b7f5ee4364e)

Revision f57e919e
Added by Daniel Molina over 6 years ago

bug #3481: Clear filter when there is no user selected

Revision 135191c5
Added by Daniel Molina over 6 years ago

bug #3481: Clear filter when there is no user selected

(cherry picked from commit f57e919e22e18ff9c33af184a663baf7d05b0f43)

History

#1 Updated by Ruben S. Montero over 6 years ago

  • Category set to Sunstone
  • Status changed from Pending to New
  • Assignee set to Daniel Molina
  • Target version set to Release 4.10.2

Thanks for the feedback!

#2 Updated by Daniel Molina over 6 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Resolution set to fixed

Also available in: Atom PDF