Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-13190

Admin user can enable/disable action without permissions on it

XMLWordPrintable

    • Sprint 19, Sprint 21, Sprint 22
    • 0.25

      Steps to reproduce:
      1. Create admin user
      2. Login as admin user and create action
      3. Open dev tools (F12 - Network - Preserve log)
      4. Select action in list and choose mass enable
      5. Select actionconf.php in dev tools, copy from headers form data
      6. Paste into url and change action id. For example action id=3 (default disabled action for superadmin)
      Result: action status changed
      Expected result: error something like "No permissions to referred object"

      Thanks for report vjaceslavs

        1. action.png
          234 kB
          Natalja Romancaka
        2. getting_there.png
          34 kB
          Vjaceslavs Bogdanovs

            gcalenko Gregory Chalenko
            natalja.zabbix Natalja Romancaka
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: