Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inappropriate permissions' handling in MITRE intelligence section #4243

Closed
davidjiglesias opened this issue Jun 13, 2022 · 2 comments · Fixed by #4261, #4271 or #4272
Closed

Inappropriate permissions' handling in MITRE intelligence section #4243

davidjiglesias opened this issue Jun 13, 2022 · 2 comments · Fixed by #4261, #4271 or #4272
Assignees
@Machi3mfl
Labels
type/bug Bug issue type/enhancement Enhancement issue

Comments

@davidjiglesias
Copy link
Member

Hello,

The RBAC permissions in the MITRE intelligence section of the Wazuh Dashboard are not being properly handled.

If we enter the MITRE inventory section without read permissions, the following errors appear:

image
@davidjiglesias davidjiglesias added type/bug Bug issue type/enhancement Enhancement issue labels Jun 13, 2022
@davidjiglesias davidjiglesias moved this to Triage in Release 4.3.5 Jun 13, 2022
@snaow snaow moved this from Triage to Todo in Release 4.3.5 Jun 13, 2022
@Machi3mfl Machi3mfl self-assigned this Jun 14, 2022
@Machi3mfl
Copy link
Member

Machi3mfl commented Jun 14, 2022
edited
Loading

Steps to reproduce and test solution

1. Create a user with mitre:read denied

2. Create policy

Screen Shot 2022-06-14 at 13 08 55

3. Create role and assign policy created

Screen Shot 2022-06-14 at 13 09 36

4. Create user and assign role created

Screen Shot 2022-06-14 at 14 43 51

5. Add new API in settings using the user created

Screen Shot 2022-06-14 at 13 10 21

6. Go to Mitre section and check the Intelligence tab. Check changing API selected. Check api user with permissions too.

Screen Shot 2022-06-14 at 13 08 03
Screen.Recording.2022-06-14.at.13.15.16.mov

@Machi3mfl Machi3mfl mentioned this issue Jun 14, 2022
Merged
@Machi3mfl Machi3mfl linked a pull request Jun 14, 2022 that will close this issue
Added authorization prompt in Mitre > Intelligence #4261
Merged
@gdiazlo gdiazlo moved this from Todo to In progress in Release 4.3.5 Jun 15, 2022
@AlexRuiz7 AlexRuiz7 moved this from In progress to In review in Release 4.3.5 Jun 15, 2022
This was linked to pull requests Jun 17, 2022
[Backport 4.3-7.16] Added authorization prompt in Mitre > Intelligence #4271
Merged
[Backport 4.3-1.2-wzd] Added authorization prompt in Mitre > Intelligence #4272
Merged
@Desvelao
Copy link
Member

Solved in:

Repository owner moved this from In review to Done in Release 4.3.5 Jun 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Machi3mfl Machi3mfl

Labels
type/bug Bug issue type/enhancement Enhancement issue
Projects
No open projects
Release 4.3.5
Status: Done
Milestone
No milestone
3 participants
@Machi3mfl @Desvelao @davidjiglesias