[ https://jira.nuxeo.org/browse/NXP-6003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=84801#action_84801 ]

Stéphane Lacoin commented on NXP-6003:
--------------------------------------

Fixed and backported in the 5.4.0 maintenance branch.

http://hg.nuxeo.org/nuxeo/nuxeo-jsf/log?rev=nxp-6003

> security hole in export restlet
> -------------------------------
>
>                 Key: NXP-6003
>                 URL: https://jira.nuxeo.org/browse/NXP-6003
>             Project: Nuxeo Enterprise Platform
>          Issue Type: Bug
>          Components: Web API (REST or WS*)
>    Affects Versions: 5.4
>            Reporter: Stéphane Lacoin
>            Assignee: Stéphane Lacoin
>            Priority: Major
>             Fix For: 5.4.1
>
>   Original Estimate: 0 minutes
>  Remaining Estimate: 0 minutes
>
> Once authenticated, users that have no rights to access the exported root
> document get access to the content.
> This can easily be demonstrated by:
> * creating a document note using the administrator account
> * exporting the document note using anonymous access

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
