client api: accessing sthpw search types using non admin user

0 Vote(s) - 0 Average

client api: accessing sthpw search types using non admin user

Diego

Guest

11-22-2021, 10:09 PM

Hi LazyLeopard,
this is bad security bug!

I tracked it to src/pyasm/search/search.py
When api_mode is open (default) there is no check for access to some security critical tables

Could you open an Issue on github reporting the bug? I will make a PR to fix it...

« Next Oldest | Next Newest »

Users browsing this thread: 4 Guest(s)

Messages In This Thread

client api: accessing sthpw search types using non admin user - by LazyLeopard - 11-17-2021, 12:15 PM

RE: client api: accessing sthpw search types using non admin user - by listy - 11-18-2021, 10:10 AM

RE: client api: accessing sthpw search types using non admin user - by LazyLeopard - 11-18-2021, 04:58 PM

RE: client api: accessing sthpw search types using non admin user - by LazyLeopard - 11-19-2021, 05:53 AM

RE: client api: accessing sthpw search types using non admin user - by Diego - 11-22-2021, 10:09 PM

RE: client api: accessing sthpw search types using non admin user - by LazyLeopard - 11-23-2021, 05:29 AM

RE: client api: accessing sthpw search types using non admin user - by Diego - 11-23-2021, 07:03 AM