Weceem

Security bug - file uploads via FCK are not restricted to authenticated users

Details

  • Type: Bug
  • Status: Closed
  • Priority: Blocker
  • Resolution: Fixed
  • Affects Version/s: 0.8, 0.9, 0.9.1
  • Fix Version/s: 0.9.2
  • Component/s: None
  • Labels:
    None

Description

If your session times out, you can still upload files if you had the editor open. This shows that the FCK servlet is not protected by Acegi filters.

This is an extremely serious bug that must be fixed without delay. Users who have installed the plugin must make sure that they are protecting the FCK servlets too.
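
An added example, not part of the original issue or of the Weceem code base: a small audit that lists the servlet mappings in a web.xml that no authenticated access rule covers, which is the gap described above. The servlet names, URL patterns and role rules are constructed for illustration and must be replaced with the application's real mappings.

```python
import re
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (no XML namespace); names and paths are assumptions.
WEB_XML = """<web-app>
  <servlet-mapping><servlet-name>app</servlet-name><url-pattern>/admin/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>editorConnector</servlet-name><url-pattern>/editor/connector/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>editorUpload</servlet-name><url-pattern>/editor/upload/*</url-pattern></servlet-mapping>
</web-app>"""

# Constructed Ant-style access rules, evaluated first match wins.
RULES_BEFORE = [("/admin/**", "ROLE_ADMIN")]
RULES_AFTER = RULES_BEFORE + [("/editor/**", "ROLE_USER")]
OPEN_ACCESS = {None, "IS_AUTHENTICATED_ANONYMOUSLY"}

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (**, *, ?) into a compiled regex."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")

def probe_path(url_pattern):
    """Build one concrete request path that the servlet mapping would serve."""
    if url_pattern.endswith("/*"):
        return url_pattern[:-1] + "probe"
    if url_pattern.startswith("*."):
        return "/probe" + url_pattern[1:]
    return url_pattern

def required_role(path, rules):
    """Return the role demanded by the first matching rule, or None if none match."""
    for pattern, role in rules:
        if ant_to_regex(pattern).match(path):
            return role
    return None

def unprotected_servlets(web_xml, rules):
    """List (servlet-name, url-pattern) pairs reachable without authentication."""
    found = []
    for m in ET.fromstring(web_xml).iter("servlet-mapping"):
        name, pat = m.findtext("servlet-name"), m.findtext("url-pattern")
        if required_role(probe_path(pat), rules) in OPEN_ACCESS:
            found.append((name, pat))
    return sorted(found)
```
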

Dates

  • Created: 06/Aug/10 2:20 PM
  • Updated: 27/Aug/10 2:03 PM
  • Resolved: 27/Aug/10 2:00 PM