VulnerabilityResource might bypass ACLs #4809
Open
Labels
access control, defect, p2, pending release
Current Behavior
It seems that some endpoints might leak vulnerable software despite ACLs (only looked at the vulnerability endpoint so far). As of right now, this is speculation, and may be closed by DT maintainers at their wish. However, filtering based on ACLs seems to only happen for components most of the time, but not vulnerable software.
Dependency-Track Version
4.12.7
Checklist