-
Incident report
-
Resolution: Fixed
-
Blocker
-
None
-
1.9.0 (alpha)
-
None
-
rev 8369
it seems that no permission limits are enforced when using api - logged in as monitoring access with read only access to single hostgroup, was able to access all configured hosts, all user information including password hashes etc