Vulnerability dashboard error loading for read-only user #6985

Closed
TDYK opened this issue Sep 10, 2024 · 2 comments · Fixed by #6993
Labels: level/task (Task issue), reporter/community (Issue reported by the community), type/troubleshooting


TDYK commented Sep 10, 2024

| Wazuh | Rev | Browser |
| --- | --- | --- |
| 4.9.0-1 | ubuntu-rep | any |

Description
Vulnerability dashboard not working for read-only user

Preconditions
Wazuh Installation from repository on Ubuntu 20.04

Steps to reproduce

  1. Create a read-only user as described in https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html
  2. Log in with the new read-only user and navigate to app/vulnerability-detection
  3. The page is not loading

Error in logs:

[2024-09-10T14:02:19,459][WARN ][o.o.s.c.PrivilegesInterceptorImpl] [Wazuh-Indexer-01P] Tenant global_tenant is not allowed to write (user: readonly)
[2024-09-10T14:02:19,620][WARN ][o.o.s.c.PrivilegesInterceptorImpl] [Wazuh-Indexer-01P] Tenant global_tenant is not allowed to write (user: readonly)

Error in browser console:

PUT
https://wazuh/api/saved_objects/index-pattern/wazuh-states-vulnerabilities-*
[HTTP/2 403  25ms]

Screenshots
image

Other pages that work with index are working, like this:
image

TDYK (Author) commented Sep 11, 2024

Same issue in the mailing list:
https://groups.google.com/g/wazuh/c/_w_BNaohbzE

@gdiazlo gdiazlo added reporter/community Issue reported by the community level/task Task issue type/troubleshooting labels Sep 11, 2024
Desvelao (Member) commented Sep 11, 2024

I managed to replicate the problem.

  1. Create a readonly user following these steps https://documentation.wazuh.com/4.9/user-manual/user-administration/rbac.html
  2. Ensure the Vulnerabilities detection in the Wazuh server is enabled and that it can connect with the Wazuh indexer
  3. Ensure the vulnerabilities states index was created
  4. With a user with write permission on the selected tenant, go to Vulnerabilities Detection > Dashboard / Inventory, and it should create the index pattern
  5. Log in with the readonly user and go to Vulnerabilities Detection > Dashboard / Inventory.

The view is stuck in Searching:
image

Regarding the request from the browser dev tools, there are some requests failing

image
image

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "no permissions for [indices:data/write/update] and User [name=wz-readonly, backend_roles=[], requestedTenant=null]: security_exception: [security_exception] Reason: no permissions for [indices:data/write/update] and User [name=wz-readonly, backend_roles=[], requestedTenant=null]"
}

This indicates an error trying to update the index pattern. Regarding the initiator of this request, this seems to be related to the select method of the data source, which is updating the index pattern data. This action cannot be done by readonly users.

Related code: https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.9.0/plugins/main/public/components/common/data-source/pattern/pattern-data-source.ts#L55

On the other hand, when going to the Events tab, it is displayed, so I assume the select method of the data source is not called.

The difference between the Events tab and Dashboard/Inventory is that the alerts index pattern can be obtained from the getDefault method in https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.9.0/plugins/main/public/components/common/data-source/pattern/pattern-data-source-selector.ts#L108-L112. The alerts index pattern uses an index pattern ID value stored in a cookie; if this does not exist at the moment the data source instance is created, I guess the Events tab could fail in the same way.

Possible solutions to apply in the fix:

  • unify the behavior of alerts and vulnerabilities states index patterns
  • updating the index pattern data when selecting it through the data source should not cause the view to get stuck in searching
  • remove the logic to update the index pattern data

In this case, the user should manually update the index pattern data (fields) through Dashboard management > Dashboard Management > Index patterns
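
The second option listed above (a failed index-pattern update should not leave the view stuck), sketched as an added example; this is not code from wazuh-dashboard-plugins or from the linked pull request, and `parseDenial`, `selectPattern` and the `refresh` callback are hypothetical names. It parses the 403 message format quoted in the comment and falls back to the saved pattern only when the denied action is under `indices:data/write/`.

```typescript
// Added example: hypothetical names throughout, not the plugin's own code.
interface Denial { user: string; action: string; isWrite: boolean }

// Parse the security_exception message format shown in the 403 body above.
function parseDenial(message: string): Denial | null {
  const m = /no permissions for \[([^\]]+)\] and User \[name=([^,\]]+)/.exec(message);
  if (!m) return null;
  const action = m[1];
  // Only data-write actions are treated as "this user is read-only".
  return { user: m[2], action, isWrite: action.startsWith("indices:data/write/") };
}

interface HttpError { statusCode: number; message: string }
interface Pattern { id: string; fields: string[] }
interface SelectResult { pattern: Pattern; refreshed: boolean; denial: Denial | null }

// Select a pattern: try to refresh its fields, but treat a 403 on a write
// action as a read-only session and continue with the saved copy.
async function selectPattern(
  saved: Pattern,
  refresh: (p: Pattern) => Promise<Pattern>, // hypothetical updater (the failing PUT)
): Promise<SelectResult> {
  try {
    return { pattern: await refresh(saved), refreshed: true, denial: null };
  } catch (e) {
    const err = e as Partial<HttpError>;
    const denial = err.statusCode === 403 ? parseDenial(err.message ?? "") : null;
    if (denial?.isWrite) return { pattern: saved, refreshed: false, denial };
    throw e; // any other failure is real and must surface to the caller
  }
}

// Constructed sample: message text taken from the 403 response quoted above.
const SAMPLE_403: HttpError = {
  statusCode: 403,
  message: "no permissions for [indices:data/write/update] and User " +
    "[name=wz-readonly, backend_roles=[], requestedTenant=null]",
};
```

Returning the parsed denial alongside the pattern lets the caller log which user and action were refused instead of silently swallowing the 403.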

@wazuhci wazuhci moved this to Triage in Release 4.9.1 Sep 12, 2024
@guidomodarelli guidomodarelli self-assigned this Sep 12, 2024
@wazuhci wazuhci moved this from Triage to In progress in Release 4.9.1 Sep 12, 2024
@guidomodarelli guidomodarelli linked a pull request Sep 13, 2024 that will close this issue
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.9.1 Sep 13, 2024
@wazuhci wazuhci moved this from Pending review to In final review in Release 4.9.1 Sep 16, 2024
@wazuhci wazuhci moved this from In final review to Done in Release 4.9.1 Sep 17, 2024