  1. Artifactory Binary Repository
  2. RTFACT-18117

permissiontargets REST UI returns all local repos

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: 6.6.0
    • Fix Version/s: 6.6.0
    • Component/s: Web UI
    • Labels:
      None

      Description

      https://repo.jfrog.io/artifactory/ui/permissiontargets will return a large body.

      This REST API is being called by the web UI in the main permissions screen.

      This API reveals all local repos in the field allRealRepos.

      This is problematic because:
      1. It may generate a huge body (performance impact).
      2. It reveals the existence of repos to unauthorised users (security impact).

      The field allRealRepos shall not be returned in the JSON response.
      It shall be used internally.
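
A regression check for the behaviour described above, added here as an example and not taken from the Artifactory code base: it walks a response body and reports both the `allRealRepos` field and any repo key the caller is not authorized to see. The response shape, repo names and the `audit_response` helper are assumptions made for illustration.

```python
import json

INTERNAL_FIELDS = {"allRealRepos"}  # the field the report says must stay server-side


def audit_response(body, visible_repos, all_repos):
    """Return (json_path, problem) findings for one JSON response body.

    visible_repos: repo keys the calling user is authorized to see.
    all_repos: every local repo key on the instance (known to the tester).
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                if key in INTERNAL_FIELDS:
                    findings.append((child, "internal field serialized"))
                walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")
        elif isinstance(node, str) and node in all_repos - visible_repos:
            # Catches the leak even if the field is renamed rather than removed.
            findings.append((path, f"unauthorized repo key {node!r}"))

    walk(json.loads(body), "$")
    return findings


# Constructed sample data; the response shape below is assumed, not captured.
ALL_REPOS = {"libs-release-local", "payroll-local"}
VISIBLE = {"libs-release-local"}
BEFORE = json.dumps({
    "permissionTargets": [{"name": "dev", "repoKeys": ["libs-release-local"]}],
    "allRealRepos": [{"repoKey": "libs-release-local"}, {"repoKey": "payroll-local"}],
})
AFTER = json.dumps({
    "permissionTargets": [{"name": "dev", "repoKeys": ["libs-release-local"]}],
})

if __name__ == "__main__":
    for label, body in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label, audit_response(body, VISIBLE, ALL_REPOS))
```

Run against a low-privilege test account, an empty findings list is the pass condition.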

              People

              Assignee:
              galba Gal Ben Ami [X] (Inactive)
              Reporter:
              galba Gal Ben Ami [X] (Inactive)