  1. Observium
  2. OBS-4635

Search is not filtered based on device permissions

Details

    • Bug
    • Resolution: Fixed
    • Major
    • None
    • Professional Edition
    • Security
    • None
    • Observium 23.10.13049

    Description

      Search is not filtered based on device permissions. This leads to an info leak when providing restricted access for users on specific devices. Search results will include devices, sensors and other resources on devices which the user should not be able to see.

      This appears to be because of using $GLOBALS['cache']['where']['device_permitted'] to generate the WHERE-clause, while the correct variable is $GLOBALS['cache']['where']['devices_permitted'].

      I've attached a proposed patch.
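
The failure mode described above, as an added PHP example (not Observium's code and not the attached patch): a misspelled array key evaluates to null and silently drops the filter from the query. The table and column names, the cache contents, and the helpers `permitted_where()` and `unknown_where_keys()` are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the permission cache; real contents may differ.
$GLOBALS['cache']['where']['devices_permitted'] = ' AND `device_id` IN (3,7)';

// The pattern from the report: a misspelled key. PHP evaluates the missing
// element to null (only a warning, suppressed here with @), which concatenates
// as an empty string, so the permission filter silently vanishes.
function search_sql_buggy(): string {
    return 'SELECT * FROM `devices` WHERE `hostname` LIKE ?'
         . @$GLOBALS['cache']['where']['device_permitted'];
}

// Hypothetical helper: a missing key is a programming error, so fail closed.
function permitted_where(string $key): string {
    $where = $GLOBALS['cache']['where'] ?? [];
    if (!array_key_exists($key, $where) || !is_string($where[$key])) {
        throw new RuntimeException("permission clause '$key' is not defined");
    }
    return $where[$key];
}

function search_sql_checked(string $key): string {
    return 'SELECT * FROM `devices` WHERE `hostname` LIKE ?' . permitted_where($key);
}

// Hypothetical lint: list cache['where'] keys used in source text that are not known.
function unknown_where_keys(string $source, array $known): array {
    preg_match_all("/\['cache'\]\['where'\]\['([^']+)'\]/", $source, $m);
    return array_values(array_diff(array_unique($m[1]), $known));
}

echo search_sql_buggy(), "\n";                       // query without a device filter
echo search_sql_checked('devices_permitted'), "\n"; // query with the filter appended
try {
    search_sql_checked('device_permitted');          // misspelled key is rejected
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
$sample = "\$sql .= \$GLOBALS['cache']['where']['device_permitted'];"; // constructed
print_r(unknown_where_keys($sample, ['devices_permitted']));
```

Running a check like `unknown_where_keys()` over the code base in CI catches this class of typo before it reaches a query.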

      Attachments

        Activity


          landy Mike Stupalov added a comment - Thanks, fixed in r13054.

          bot Observium Bot added a comment:

          General questions and device support can be discussed in our Discord channel, click here to join.

          Please make and attach additional information about the device:

          • full snmp dump from device:

            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1 > myagent.snmpwalk
            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk

            If the device does not support SNMP version 2c, replace -v2c with -v1.

          • If you have problems with discovery or poller processes, please do and attach these debugs:

            ./discovery.php -d -h <device>
            ./poller.php -d -h <device>

          • additionally attach device and/or vendor specific MIB files

          This comment is added automatically.

          People

            landy Mike Stupalov
            vegarl Vegar Løvås