Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-26414

Anonymous users should not be able to access api/system/version end points.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: 7.23.3, 7.27.3
    • Fix Version/s: 7.35.1
    • Component/s: None
    • Labels:
      None
    • Environment:

      Environment details:

       

      Artifactory version: 7.23.8,  7.27.6

      DB type & Version: Derby

      On-Prem setup.

    • Location:
      External

      Description

      Problem description:

       

      When Anonymous users is enabled the user has access to api/system endpoints

       

      Impact:

      Anonymous users can access endpoints they shouldn't have access to.

       

      Expected behavior:

       

      Anonymous users should not be able to access api/system/version end points.

       

      Steps to reproduce:

      Enable Anonymous access.

      Execute request to the following endpoints: api/system/version, api/system/ping

       

       

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              davids David Shin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-26416 -
                  SYNCHRONIZED
                  • Last Sync Date: