Notifications

287 views

Description

gr.query() is missing in "isVisible" function in "LabelUpdate" script include which causes Label ACLs being evaluated incorrectly.  This results in only tag owners deleting shared tags.

Steps to Reproduce

1. Go to LabelUpdate Script include
2. Go to isVisible function
3. Line 286 should have gr.query(); Or else it will never check the 'label_user_m2m' and will result in a critical ACL as being evaluated as false, preventing users from being able to remove tags from records that they are not the owner of the label for.

Workaround

Populate line 286 with gr.query();

Otherwise it will never check the 'label_user_m2m' and will result in a critical ACL as being evaluated as false, preventing users from being able to remove tags from records that they are not the owner of the label for.


Related Problem: PRB1384582

Seen In

SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - GRC Workbench - New York 2019 Q3
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - ITBM - Agile 2.0 Dashboards v1.0
SR - ITBM - Scrum Dashboards Common v1.0
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response UI Patch - London 2019 Q2 v.6.2.3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3

Fixed In

New York Patch 10
Orlando Patch 7
Paris

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-10-15 03:20:27
Published:2020-07-14