Details

      Description

      User with impersonate permission can impersonate administrators that are not omniadmins. This includes administrators not specified in omniadmin.users configuration property, if set, or administrators in other portal instances.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-222

        Attachments

          Activity

            People

            • Assignee:
              bryan.engler Bryan Engler
              Reporter:
              michael.bowerman Michael Bowerman (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE