Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18447

Users are allowed to overwrite the manifest.json even if they have deploy/cache permissions only

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: 6.7.0
    • Fix Version/s: None
    • Component/s: Docker
    • Labels:
    • Severity:
      Medium
    • Requirement Status:

      UNCOVERED

      Description

      After creating a docker registry and giving users permissions to deploy/cache only, pushing the same image twice will cause the manifest.json metadata to be changed (deployed by and last modified). This will not happen if the contents of manifest.json the user tries to push are different than what's stored in artifactory.

        Attachments

        1. Screen Shot 2019-02-13 at 9.32.57.png
          130 kB
          Shai Ben-Zvi
        2. Screen Shot 2019-02-13 at 9.43.45.png
          111 kB
          Shai Ben-Zvi
        3. Screen Shot 2019-02-13 at 9.46.18.png
          72 kB
          Shai Ben-Zvi

          Issue Links

            Forms

              Activity

                  People

                  Assignee:
                  asafz Asaf Zalcman
                  Reporter:
                  rafael Rafael Cunha de Almeida
                  Votes:
                  1 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      PagerDuty