Merge branch 'ent-8610-vulnerabilidad-en-gestion-de-usuarios-perfiles' into 'develop'

Fix credential store ACL, only access to PM or UM

See merge request artica/pandorafms!4719
Daniel Rodriguez 2022-03-09 12:54:41 +00:00
commit 671dc5e923
1 changed files with 3 additions and 1 deletions


@ -158,7 +158,9 @@ class CredentialStore extends Wizard
// Check access.
check_login();
if (! check_acl($config['id_user'], 0, 'AR')) {
if ((bool) check_acl($config['id_user'], 0, 'PM') === false
|| (bool) check_acl($config['id_user'], 0, 'UM') === false
) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access credential store'