Details
- Bug
- Resolution: Fixed
- Major
- 4.5.1
- Unit
- Unknown
- N/A
- N/A
Description
Steps to reproduce:
As a user with programming right, create a document with content:
{{velocity}}
$xcontext.dropPermissions()
$services.solr.index('document:xwiki:Main.WebHome')
{{/velocity}}
Expected result:
An error is logged that access has been denied.
Actual result:
No error is logged, dropping permissions has no effect even though the Solr script service requires programming right.
This can also be used to clear the index. However, in current versions of XWiki, dropPermissions() isn't used anymore as a real security feature and thus this vulnerability is not easily exploitable. Further, script right is still required to access this scripting API.
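The failure mode described above, as an added example that is not XWiki's code: a simplified Java model contrasting a rights check that ignores dropped permissions with one that honours them. All class and method names (ScriptContext, hasProgrammingRightFlawed, hasProgrammingRight, index) and the account name are hypothetical.

```java
import java.util.Set;

// Simplified model, not XWiki code: all class and method names are hypothetical.
public class DroppedPermissionsDemo {
    /** Per-request script context: who authored the content and whether rights were dropped. */
    static final class ScriptContext {
        final String author;
        private boolean droppedPermissions;
        ScriptContext(String author) { this.author = author; }
        void dropPermissions() { droppedPermissions = true; }
        boolean hasDroppedPermissions() { return droppedPermissions; }
    }

    /** Constructed sample data: accounts holding programming right. */
    static final Set<String> PROGRAMMING_USERS = Set.of("xwiki:XWiki.Admin");

    /** Flawed check: looks only at the author's stored right, ignoring the dropped flag. */
    static boolean hasProgrammingRightFlawed(ScriptContext ctx) {
        return PROGRAMMING_USERS.contains(ctx.author);
    }

    /** Context-aware check: a dropped-permissions flag overrides the author's right. */
    static boolean hasProgrammingRight(ScriptContext ctx) {
        return !ctx.hasDroppedPermissions() && PROGRAMMING_USERS.contains(ctx.author);
    }

    /** Privileged operation guarded by the context-aware check. */
    static String index(ScriptContext ctx, String reference) {
        if (!hasProgrammingRight(ctx)) {
            throw new SecurityException(
                "Access denied: programming right required to index " + reference);
        }
        return "indexed " + reference;
    }

    public static void main(String[] args) {
        ScriptContext ctx = new ScriptContext("xwiki:XWiki.Admin");
        ctx.dropPermissions(); // same order as the reproduction script
        System.out.println("flawed check grants access: " + hasProgrammingRightFlawed(ctx));
        try {
            index(ctx, "document:xwiki:Main.WebHome");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```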