[infinispan-issues] [JBoss JIRA] (ISPN-9599) DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
Dan Berindei (Jira)
issues at jboss.org
Fri Aug 23 10:17:01 EDT 2019
[ https://issues.jboss.org/browse/ISPN-9599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Berindei updated ISPN-9599:
-------------------------------
Security: (was: Security Issue)
> DefaultCacheManager.getGlobalComponentRegistry should require ADMIN permission
> ------------------------------------------------------------------------------
>
> Key: ISPN-9599
> URL: https://issues.jboss.org/browse/ISPN-9599
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 9.3.3.Final, 9.4.0.Final
> Reporter: Dan Berindei
> Assignee: Dan Berindei
> Priority: Major
> Fix For: 10.0.0.Final, 9.4.17.Final
>
>
> {{DefaultCacheManager.getGlobalComponentRegistry()}} allows invoking any component without additional permission checks, so it needs ADMIN permission.
> {{DefaultCacheManager.getCacheManagerConfiguration()}} also allows access to some internal components, so it also needs ADMIN permission.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the infinispan-issues
mailing list