Problem report
Resolution: Fixed
Trivial
3.0.12, 3.2.10rc1, 3.4.4, 4.0.0alpha1, 4.0 (plan)
None
Sprint 20, Sprint 21, Sprint 22
0.25
Steps to reproduce:
- Add 2 user groups: group1: super_user1, admin_user1, user1 and group2: super_user2, admin_user2, user2. Set Permissions -> User type corresponding to user aliases;
- Add an action - to send emails for both user groups (group1, group2);
- Add {ESC.HISTORY} macro in recovery message;
- Add permissions on a host to both user groups (group1, group2);
- Put trigger in problem state;
- Login with user1;
  Result: User gets emails about the problem. User can see emails only from his own group in frontend - OK
- Restore trigger state
  Result: User gets emails about trigger recovery. Email body contains information only about users from the same group - OK
- Open event details page and check other users' mails.
  Result: In frontend user1 can view Super administrator mail containing problem history from {ESC.HISTORY} macro about users from other groups.
Trigger: CLONE: Too many processes on ZBX-12655
Trigger status: OK
Trigger severity: Average
Trigger URL:
Escape history:
Problem started: 2017.10.17 08:50:38 Age: 22m
1. 2017.10.17 08:50:41 message failed Email [email protected] " (super_user1)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
1. 2017.10.17 08:50:41 message failed Email [email protected] " (admin_user1)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
1. 2017.10.17 08:50:41 message failed Email [email protected] " (super_user2)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
1. 2017.10.17 08:50:41 message failed Email [email protected] " root (user2)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
1. 2017.10.17 08:50:41 message failed "user1 (user1)" No media defined for user "user1 (user1)"
1. 2017.10.17 08:50:41 message sent Email [email protected] "Zabbix Administrator (Admin)"
Problem ended: 2017.10.17 09:12:38
Problem ended: 2017.10.17 09:12:38
Item values:
1. Number of processes (ZBX-12655:proc.num[]): 310
2. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN*
3. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN*
Original event ID: 804
Expected: Regular user can’t see information about user/mail from another user group
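
The check the expected result implies, as an added example that is not part of the report or of the Zabbix code base: the expanded {ESC.HISTORY} text is filtered per viewer, so entries naming users outside the viewer's groups are replaced before the message body is shown. The function name, the `[inaccessible user]` placeholder, the sample addresses and the set of visible aliases are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the escalation history quoted in the report;
# the e-mail addresses are placeholders.
SAMPLE = '''Problem started: 2017.10.17 08:50:38 Age: 22m
1. 2017.10.17 08:50:41 message failed Email a@example.test " (super_user1)" wrong answer on RCPT TO "550 5.1.1 <a@example.test>: Recipient address rejected"
1. 2017.10.17 08:50:41 message failed Email b@example.test " (super_user2)" wrong answer on RCPT TO "550 5.1.1 <b@example.test>: Recipient address rejected"
1. 2017.10.17 08:50:41 message failed "user1 (user1)" No media defined for user "user1 (user1)"
1. 2017.10.17 08:50:41 message sent Email c@example.test "Zabbix Administrator (Admin)"
Problem ended: 2017.10.17 09:12:38'''

# History entry: step number, timestamp, "message <status>", then free text
# that names the recipient as "Full Name (alias)".
ENTRY = re.compile(r'^(\d+\. \d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d message \w+) (.*)$')
RECIPIENT = re.compile(r'"[^"(]*\(([^)"]+)\)"')

PLACEHOLDER = '[inaccessible user]'  # hypothetical wording, chosen for this example


def redact_history(text, visible_aliases):
    """Return (redacted_text, hidden_aliases) for one viewer.

    visible_aliases is the set of user aliases the viewer may see, e.g. the
    members of the viewer's own user groups (assumed to be resolved elsewhere).
    """
    out, hidden = [], []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            r = RECIPIENT.search(m.group(2))
            alias = r.group(1) if r else None
            # Fail closed: an entry whose recipient cannot be parsed is hidden too.
            if alias not in visible_aliases:
                hidden.append(alias)
                # Drop the whole tail: it carries the address and the SMTP error,
                # which repeats the address.
                line = f'{m.group(1)} {PLACEHOLDER}'
        out.append(line)
    return '\n'.join(out), hidden


if __name__ == '__main__':
    redacted, hidden = redact_history(SAMPLE, {'user1', 'admin_user1', 'super_user1'})
    print(redacted)
    print('hidden:', hidden)
```

The filter has to run on the message body as well as on the recipient list, because the entries about other groups are embedded in a message whose own recipient is a different user.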
causes
- ZBX-13094 Frontend: Zabbix user can see super administrator messages, that can contain information about users and mails from another groups (Reopened)
depends on
- ZBX-12655 Users from different groups has access to all message content in event details (Closed)
part of
- ZBX-12441 {USER.FULLNAME}, {ESC.HISTORY}, {EVENT.ACK.HISTORY} macros open the user full names without checking for access rights (Closed)