Bug #3481
vdcadmin user->VMs table shows other users' VMs
| Status: | Closed | Start date: | 12/29/2014 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Daniel Molina | % Done: | 100% | |
| Category: | Sunstone | |||
| Target version: | Release 4.10.2 | |||
| Resolution: | fixed | Pull request: | ||
| Affected Versions: | OpenNebula 4.10 |
Description
When using the vdcadmin view as oneadmin, the table of summary VM info for any user whose id is a substring of another user's id will include blocks for the other user's VMs. This is most readily demonstrated with the 'serveradmin' user (by default, id=1) with other users in the range 10-19.
This seems to be mostly cosmetic, as normal permissions and ACLs appear to prevent unprivileged users from being shown other users' VMs, but it is an indication of potentially risky code being used to identify VM ownership.
Associated revisions
bug #3481: Use regex to filter user resources
bug #3481: Use regex to filter user resources
(cherry picked from commit 7cc45141f6e478c1d37a8c5861201b7f5ee4364e)
bug #3481: Clear filter when there is no user selected
bug #3481: Clear filter when there is no user selected
(cherry picked from commit f57e919e22e18ff9c33af184a663baf7d05b0f43)
History
#1
Updated by Ruben S. Montero over 6 years ago
- Category set to Sunstone
- Status changed from Pending to New
- Assignee set to Daniel Molina
- Target version set to Release 4.10.2
Thanks for the feedback!
#2
Updated by Daniel Molina over 6 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
- Resolution set to fixed