[JIRA] Resolved: (NXP-6003) security hole in export restlet

JIRA NUXEO Mon, 22 Nov 2010 09:38:00 -0800

     [ 
https://jira.nuxeo.org/browse/NXP-6003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Stéphane Lacoin resolved NXP-6003.
----------------------------------

    Resolution: Fixed

> security hole in export restlet
> -------------------------------
>
>                 Key: NXP-6003
>                 URL: https://jira.nuxeo.org/browse/NXP-6003
>             Project: Nuxeo Enterprise Platform
>          Issue Type: Bug
>          Components: Web API (REST or WS*)
>    Affects Versions: 5.4
>            Reporter: Stéphane Lacoin
>            Assignee: Stéphane Lacoin
>            Priority: Major
>             Fix For: 5.4.1
>
>   Original Estimate: 0 minutes
>  Remaining Estimate: 0 minutes
>
> Once authenticated, users that have no rights to access the exported root 
> document get access to the content.
> This can be put easily in evidence by 
> * creating a document note using the administrator account
> * exporting the document note using an anonymous access 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

[JIRA] Resolved: (NXP-6003) security hole in export restlet

Reply via email to