jsrpc_permissions.patch
[ZBX-5287] Users receive GUI messages for events on hosts that they don't have permissions to view. Created: 2012 Jul 06 Updated: 2017 May 30 Resolved: 2012 Jul 19 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 1.8.12 |
| Fix Version/s: | None |
| Type: | Incident report | Priority: | Minor |
| Reporter: | Charlie Stanley | Assignee: | Unassigned |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
jsrpc_permissions.patch
|
| Description |
|
The javacript rpc handler (jsrpc.php) does not check user permissions when replying to hosts. The result is that users receive alerts for hosts that they do not have permission to view. This can be troublesome in environments where multiple departments are using a single Zabbix instance. I have created and tested a patch for this issue for version 1.8.12, but presumably it should work for other versions as well. |
| Comments |
| Comment by Toms (Inactive) [ 2012 Jul 11 ] |
|
Unable to reproduce the problem, please give step by step instructions to reproduce the problem. |
| Comment by Alexey Fukalov [ 2012 Jul 16 ] |
|
Cannot reproduce in latest 1.8. |
| Comment by Alexey Fukalov [ 2012 Jul 19 ] |
|
Should you have any additional information or steps to reproduce, please do not hesitate to reopen this issue. |