Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
Description
The rest API for logviewer access is checking if UI filter params is set to deny access to users. It's possible now to configure the logviewer without UI filter params, so this check is no longer sufficient and can allow anyone access to logs.
See ResourceAuthorizer line 68....
Attachments
Issue Links
- links to