[gatein-issues] [JBoss JIRA] (GTNPORTAL-2616) Ordinary user is able to modify email of others by hacking account profile tab.
Hai Nguyen (JIRA)
jira-events at lists.jboss.org
Thu Oct 4 03:01:03 EDT 2012
[ https://issues.jboss.org/browse/GTNPORTAL-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hai Nguyen updated GTNPORTAL-2616:
----------------------------------
Labels: portal-s69 synced (was: )
> Ordinary user is able to modify email of others by hacking account profile tab.
> --------------------------------------------------------------------------------
>
> Key: GTNPORTAL-2616
> URL: https://issues.jboss.org/browse/GTNPORTAL-2616
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Minh Hoang TO
> Priority: Blocker
> Labels: portal-s69, synced
>
> Severe security issue as user could hack username input field while saving his own user profile to change emails of admins.
> Back port of EXOGTN-1251
> https://jira.exoplatform.org/browse/EXOGTN-1251
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list