Details
-
Bug
-
Resolution: Fixed
-
Major
-
4.0.0
-
Security Level: Public
-
None
-
Any OS
-
Untriaged
-
Unknown
Description
currently, to writing settings for debugging, read settings into a file, modify and
curl localhost:9102/settings -d @settings:json
This does not require any authorization. Which makes it vulnerable.
Attachments
For Gerrit Dashboard: MB-13695 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
47748,3 | MB-13695 indexer: Add authentication for /settings endpoint | unstable | indexing | Status: MERGED | +2 | +1 |