[JIRA] Created: (NXP-6003) security hole in export restlet

JIRA NUXEO Mon, 22 Nov 2010 08:05:57 -0800

security hole in export restlet
-------------------------------

                 Key: NXP-6003
                 URL: https://jira.nuxeo.org/browse/NXP-6003
             Project: Nuxeo Enterprise Platform
          Issue Type: Bug
          Components: Web API (REST or WS*)
    Affects Versions: 5.4
            Reporter: Stéphane Lacoin
            Assignee: Stéphane Lacoin
            Priority: Major
             Fix For: 5.4.1



Once authenticated, users that have no rights to access the exported root 
document get access to the content.

This can be put easily in evidence by 
* creating a document note using the administrator account
* exporting the document note using an anonymous access 





-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

[JIRA] Created: (NXP-6003) security hole in export restlet

Reply via email to