ZABBIX BUGS AND ISSUES / ZBX-13094

Frontend: Zabbix user can see super administrator messages that can contain information about users and mails from other groups


Details

    • Problem report
    • Status: Reopened
    • Trivial
    • Resolution: Unresolved
    • 3.0.12, 3.2.10, 3.4.4, 4.0.0alpha1, 4.0 (plan)
    • None
    • Frontend (F)
    • Sprint 27, Sprint 28, Sprint 29, Sprint 30, Sprint 31, Sprint 32, Sprint 33, Sprint 34, Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45

    Description

      Steps to reproduce:

      1. Add 2 user groups: group1: super_user1, admin_user1, user1 and group2: super_user2, admin_user2, user2. Set Permissions -> User type corresponding to user aliases;
      2. Add an action - to send emails for both user groups (group1, group2);
        • Add {ESC.HISTORY} macro in recovery message;
      3. Add permissions on a host to both user groups (group1, group2);
      4. Put trigger in problem state;
      5. Login with user1;
        Result: User gets emails about the problem. User can see emails only from his own group in the frontend - OK
      6. Restore trigger state
        Result: User gets emails about trigger recovery. Email body contains information only about users from the same group - OK
      7. Open the event details page and check other users' mails.
        Result: In the frontend, user1 can view the Super administrator mail containing problem history from the {ESC.HISTORY} macro about users from other groups.
      Trigger: CLONE: Too many processes on ZBX-12655
      Trigger status: OK
      Trigger severity: Average
      Trigger URL: 
      Escape history: Problem started: 2017.10.17 08:50:38 Age: 22m
      1. 2017.10.17 08:50:41 message failed      Email [email protected] "  (super_user1)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
      1. 2017.10.17 08:50:41 message failed      Email [email protected] "  (admin_user1)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
      1. 2017.10.17 08:50:41 message failed      Email [email protected] "  (super_user2)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
      1. 2017.10.17 08:50:41 message failed      Email [email protected] " root (user2)" wrong answer on RCPT TO "550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table"
      1. 2017.10.17 08:50:41 message failed        "user1  (user1)" No media defined for user "user1  (user1)"
      1. 2017.10.17 08:50:41 message sent        Email [email protected] "Zabbix Administrator (Admin)"
      Problem ended: 2017.10.17 09:12:38 
      Problem ended: 2017.10.17 09:12:38 
      
      Item values:
      
      1. Number of processes (ZBX-12655:proc.num[]): 310
      2. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN*
      3. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN*
      
      Original event ID: 804
      

      Expected: Regular user can’t see information about user/mail from another user group
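
      A regression check for the expected result, as an added example that is not part of the original report or of Zabbix code: it parses escalation-history lines in the format shown in the message above and lists the entries naming users who share no user group with the viewer. Group membership is taken from step 1; the addresses and shortened SMTP errors in the sample body are constructed, and the function names are hypothetical.

```python
import re

# Group membership from step 1 of the reproduction steps on this page.
GROUPS = {
    "group1": {"super_user1", "admin_user1", "user1"},
    "group2": {"super_user2", "admin_user2", "user2"},
}

# One escalation-history entry: index, timestamp, status, an optional
# "<media type> <address>" pair, then the quoted recipient '"Name (alias)"'.
ENTRY = re.compile(
    r'^\s*\d+\.\s+(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d)\s+'
    r'message (?P<status>sent|failed)\s+'
    r'(?:(?P<media>\S+)\s+(?P<addr>\S+)\s+)?'
    r'"[^"(]*\((?P<alias>[^)]+)\)"'
)

def parse_history(body):
    """Return one dict per escalation-history line found in a message body."""
    return [m.groupdict() for m in map(ENTRY.match, body.splitlines()) if m]

def leaked_entries(body, viewer, groups=GROUPS):
    """Entries naming a recipient who shares no user group with the viewer."""
    visible = set().union(*(m for m in groups.values() if viewer in m))
    return [e for e in parse_history(body) if e["alias"] not in visible]

# Constructed sample body, modelled on the message shown in the report.
SAMPLE = """\
Escape history: Problem started: 2017.10.17 08:50:38 Age: 22m
1. 2017.10.17 08:50:41 message failed      Email su1@example.com "  (super_user1)" wrong answer on RCPT TO "550 5.1.1"
1. 2017.10.17 08:50:41 message failed      Email su2@example.com "  (super_user2)" wrong answer on RCPT TO "550 5.1.1"
1. 2017.10.17 08:50:41 message sent        Email u2@example.com " root (user2)"
1. 2017.10.17 08:50:41 message failed        "user1  (user1)" No media defined for user "user1  (user1)"
Problem ended: 2017.10.17 09:12:38
"""

if __name__ == "__main__":
    # For user1, every entry printed here is information from another group.
    for e in leaked_entries(SAMPLE, "user1"):
        print(f'{e["alias"]:12} {e["addr"]}  ({e["status"]})')
```

      Run against each message body shown to a regular user on the event details page, a non-empty result means the page still exposes recipients from another user group.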

            People

              zabbix.dev Zabbix Development Team
              akucenko Anna Kucenko (Inactive)