EIQ-2018-0019



ID

EIQ-2018-0019

(Former ref.: 25757)

CVE

-

Description

Stack trace information is available to non-admin users

Date

-

Severity

1 - LOW

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

2.4.0

Assessment

When a platform action or operation fails to correctly execute, a stack trace may be available to help sysadmins troubleshoot the problem.

Mitigation

The field with traceback log information should be available only to admin users; it should be empty for non-admin users.

From release 2.4.0 the read traceback-logs permission controls read access to the stack trace/traceback.
Only roles with this permission, and only users with roles that include this permission, can access traceback information.
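
A sketch of the permission-gated field described above, added here as an illustration and not taken from the platform's code. Only the permission name `read traceback-logs` comes from this advisory; the `Role`/`User` classes, the task record layout, the function names and the other permission names are assumptions.

```python
import traceback
from dataclasses import dataclass, field

# Permission name from the advisory; everything else here is hypothetical.
READ_TRACEBACK = "read traceback-logs"

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)

    def has_permission(self, permission: str) -> bool:
        # A user holds a permission only through a role that includes it.
        return any(permission in role.permissions for role in self.roles)

def run_task(task_id, func):
    """Run a task; on failure keep the full traceback in the stored record."""
    record = {"id": task_id, "status": "success", "traceback": ""}
    try:
        func()
    except Exception:
        record["status"] = "failed"
        record["traceback"] = traceback.format_exc()
    return record

def serialize_task(record, user):
    """Build the view of a task record returned to a given caller."""
    view = dict(record)  # copy, so the stored record keeps the full trace
    if not user.has_permission(READ_TRACEBACK):
        # Deny by default: the field stays present but is empty.
        view["traceback"] = ""
    return view

# Constructed sample roles, users and failure.
ADMIN = User("admin", [Role("sysadmin", frozenset({READ_TRACEBACK, "modify tasks"}))])
ANALYST = User("analyst", [Role("analyst", frozenset({"read tasks"}))])

def failing_job():
    raise ConnectionError("feed endpoint unreachable")

RECORD = run_task(42, failing_job)
```

The redaction happens when the response is built, so the stored record keeps the trace for users who hold the permission, and a user with no roles at all gets an empty field.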

Affected versions

2.3.1 to 2.3.4 included.

Notes

-


In release notes 2.4.0