Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-5506

Default roles have weak URI security checks

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None
    • samples, security

    Description

      The default editor role has a whole bunch of URI denies (/.magnolia/pages/configuration*, etc).

      As noted in MAGNOLIA-5505, this opens up a bunch of security issues, such as being able to gain access to a page one shouldn't have access to.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            relates to

            Bug - A problem which impairs or prevents the functions of the product. MGNLADMLEG-48 PageMVCServlet should be using AggregationState or normalize URLs and be stricter when looking up which page to serve

            • Critical - Crashes, loss of data, severe memory leak.
            • Closed

            Activity

              People

                Unassigned Unassigned
                gjoseph Magnolia International
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Bug DoR
                    Task DoD