Univention Bugzilla – Bug 53453
Renaming groups does not check existing group names or user names
Last modified: 2023-12-20 13:11:42 CET
Creating a groups/group object with a name of an existing user is prevented by UDM. But renaming an existing group is allowed. It even works with existing group names. You can have multiple groups of the same name, given that they all differ in position.
This may be a security issue if someone may create / rename groups and some software only checks for the actual name of a group. An example may be a UCS@school workgroup named "Domain Admins"? Not sure, but just in case, I flag it as security.
Patch available in: https://git.knut.univention.de/univention/ucs/-/merge_requests/112
Fixed in:
univention-directory-manager-modules.yaml
ae47c0e6c1ec | Bug #53453: check uniqueness of groupname when renaming a group
univention-directory-manager-modules (15.0.11-11)
ae47c0e6c1ec | Bug #53453: check uniqueness of groupname when renaming a group
ucs-test (10.0.6-11)
772f119442e1 | Bug #53453: enhance 07_group_creation_with_name_already_in_use
Tests: ~OK (they work, but they were not cherry-picked!)
Manual Tests: OK
Code review: OK
YAML: OK
<https://errata.software-univention.de/#/?erratum=5.0x61>
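An audit sketch for the condition this bug describes, added here as an example and not part of the Univention code or the patch: it scans a directory export for group names that occur at more than one position and for group names that equal a user name, which is how directories affected by renames before the fix can be found. The LDIF sample is constructed, and matching on the `posixGroup` / `posixAccount` object classes with case-insensitive `cn` / `uid` comparison is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample export (LDIF-style), not taken from a real system.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,cn=groups,dc=example,dc=org
objectClass: posixGroup
cn: Domain Admins

dn: cn=Domain Admins,cn=klasse1,ou=school1,dc=example,dc=org
objectClass: posixGroup
cn: Domain Admins

dn: uid=anna,cn=users,dc=example,dc=org
objectClass: posixAccount
uid: anna

dn: cn=Anna,cn=groups,dc=example,dc=org
objectClass: posixGroup
cn: Anna

dn: cn=teachers,cn=groups,dc=example,dc=org
objectClass: posixGroup
cn: teachers
"""

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr.lower()].append(value)
        entries.append(entry)
    return entries

def find_name_collisions(entries):
    """Return (duplicate group names, group names equal to a user name)."""
    groups = defaultdict(list)  # lower-cased cn  -> DNs of groups
    users = defaultdict(list)   # lower-cased uid -> DNs of users
    for e in entries:
        classes = {c.lower() for c in e["objectclass"]}
        if "posixgroup" in classes:      # assumption: groups carry posixGroup
            for cn in e["cn"]:
                groups[cn.lower()].append(e["dn"][0])
        if "posixaccount" in classes:    # assumption: users carry posixAccount
            for uid in e["uid"]:
                users[uid.lower()].append(e["dn"][0])
    dup_groups = {n: dns for n, dns in groups.items() if len(dns) > 1}
    user_clash = {n: groups[n] + users[n] for n in groups if n in users}
    return dup_groups, user_clash
```

Any name reported in either result is one that software matching groups by name alone could resolve to the wrong object.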