[ 
https://issues.apache.org/jira/browse/OFBIZ-13130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-13130:
------------------------------------
    Summary: [CVE-2024-45195] Add permission check for view-maps and change 
defaults for request-maps  (was: Add permission check for view-maps and change 
defaults for request-maps)

> [CVE-2024-45195] Add permission check for view-maps and change defaults for 
> request-maps
> ----------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-13130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13130
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS, ALL PLUGINS
>    Affects Versions: 18.12.15
>            Reporter: Sebastian Tschikin
>            Assignee: Sebastian Tschikin
>            Priority: Major
>             Fix For: 18.12.16
>
>
> If a user is not authorized, the system should not allow access to rendered 
> views.
> Additionally, the default for the request-map parameters "auth" and "https" 
> should be set to "true".
> This improvement aims to enhance security by preventing unauthorized access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
