Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.2 M1
Affects Version/s: 1.1 RC1
Component/s: {Unused} Packaging
Labels:
None

Development Priority:
Low
Similar issues:

Description

When importing a XAR in a wiki, there is no verfication that the user who make the import
has the same level of rights as the users that are listed in the pages inside the xar.

So, if a user imports specially crafted xar, he can creates pages with groovy code that will
be executed as more privileged users (for example farm's admins)

Attachments

Activity

People

Assignee:: Jerome Velociter

Reporter:: Raffaello Pelagalli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Aug/07 12:53

Updated:: 02/Dec/22 10:44

Resolved:: 22/Jan/10 18:58

Date of First Response:: 17/Mar/08 1:11 PM