[ZBX-1341] permissions not enforced on api - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Incident report
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.9.0 (alpha)
Fix Version/s: None
Component/s: API (A)
Labels:
None
Environment:
rev 8369

Description

it seems that no permission limits are enforced when using api - logged in as monitoring access with read only access to single hostgroup, was able to access all configured hosts, all user information including password hashes etc

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: richlv

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2009 Nov 25 00:12

Updated:: 2017 May 30 18:23

Resolved:: 2011 Jan 13 13:51