Team D
[ZBX-15577] Restricted users can get hostnames of the hosts via host screen functionality Created: 2018 Dec 17 Updated: 2024 Apr 10 Resolved: 2019 Feb 05 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.25rc1, 4.0.4rc1, 4.2.0alpha3, 4.2 (plan) |
| Type: | Problem report | Priority: | Trivial |
| Reporter: | Rostislav Palivoda | Assignee: | Vasily Goncharenko (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Team: | Team D |
| Sprint: | Sprint 47, Dec 2018, Sprint 48, Jan 2019 |
| Story Points: | 0.25 |
| Description |
|
Zabbix administator can configure permissions for user groups. For example, he can restrict access to the information about group of the hosts. But it was found that restricted users (e.g. guest user) can get hostnames of the hosts via host screen functionality. It can be checked by using such URL as a restricted user: http://ZABBIX_SERVER/zabbix/host_screen.php?hostid=10084. 10084 is an id of the host, so it can be different for your system. |
| Comments |
| Comment by Vasily Goncharenko (Inactive) [ 2019 Jan 21 ] |
|
Fixed in:
|