[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-1997) Couple of CMS Security issues
Sohil Shah (JIRA)
jira-events at lists.jboss.org
Thu May 1 16:30:18 EDT 2008
[ http://jira.jboss.com/jira/browse/JBPORTAL-1997?page=all ]
Sohil Shah resolved JBPORTAL-1997.
----------------------------------
Resolution: Done
> Couple of CMS Security issues
> -----------------------------
>
> Key: JBPORTAL-1997
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1997
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal CMS
> Affects Versions: 2.6.4 Final
> Reporter: Sohil Shah
> Assigned To: Sohil Shah
> Fix For: 2.6.5 Final
>
>
> The logic issue lies in the isPortletAccessible check in the CMSAdminPortlet. Side effects are:
> Because of this check, the Portlet itself is unavailable even if the resources in the CMS are accessible as per the permissions set on the CMS. Behavior contradicts its setup.
> Use cases affected are:
> 1/ The CmsRootUser cannot access the CMS Admin tool. This completely defeats the purpose of the RootUser, who should have all privileges to go in and fix things.
> 2/ The CMSAdmin tool cannot be set up for access by Anonymous users.