55481 – UMC-Webserver: allow session overtake by UCR defined IP ranges

Bug 55481 - UMC-Webserver: allow session overtake by UCR defined IP ranges

Summary: UMC-Webserver: allow session overtake by UCR defined IP ranges

Status:	RESOLVED DUPLICATE of bug 43633

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	UMC (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	Florian Best
QA Contact:	UMC maintainers

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:

Reported:	2022-12-08 15:25 CET by Florian Best
Modified:	2023-06-19 14:19 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2022-12-08 15:25:36 CET

The Portal currently runs on the same host than on UMC and overtakes/co-uses the sessions of logged in users.
In a containerized area the request comes from a different IP than 127.0.0.1 and the session-overtake is therfor prevented.

We could make the allowed IP (ranges) which can overtake sessions configurable via UCR.

Comment 1 Florian Best

2022-12-08 15:29:55 CET

MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/584

Comment 2 Florian Best

2023-06-19 14:19:29 CEST

Patch was applied in Bug #43633

*** This bug has been marked as a duplicate of bug 43633 ***