Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-22461

XWiki.EventStream.Code.EventClass is missing a required rights analyzer

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • 16.9.0-rc-1
    • 15.9-rc-1
    • Event Stream
    • None
    • Unknown

    Description

      The class XWiki.EventStream.Code.EventClass should have its own required rights analyzer that indicates the required admin right to allow the correct automatic configuration of required rights. This is not a security vulnerability as the two fields that can contain code are already analyzed as Velocity code and thus trigger warnings. I cannot think of any relevant security impact of a XWiki.EventStream.Code.EventClass where those scripts are empty.

      Attachments

        Activity

          People

            MichaelHamann Michael Hamann
            MichaelHamann Michael Hamann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: