[
https://issues.apache.org/jira/browse/CLOUDSTACK-6698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alena Prokharchyk reassigned CLOUDSTACK-6698:
---------------------------------------------
Assignee: Nitin Mehta (was: Alena Prokharchyk)
Nitin, the API listResourceDetails was added by you in 4.2 version. Can you
please check if the security check was missing from the very beginning, or was
it broken along the way? If it was broken from the beginning, then you should
find a way to fix it in generic manner by probably getting account/domain info
from the corresponding resources' tables?
> listResourceDetals - normal user able to list details not belonging to it
> -------------------------------------------------------------------------
>
> Key: CLOUDSTACK-6698
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6698
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.4.0
> Reporter: Nitin Mehta
> Assignee: Nitin Mehta
> Priority: Critical
> Fix For: 4.4.0
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
