Details

    Description

      User with impersonate permission can impersonate administrators that are not omniadmins. This includes administrators not specified in omniadmin.users configuration property, if set, or administrators in other portal instances.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-222

      Attachments

        Activity

          People

            bryan.engler Bryan Engler
            michael.bowerman Michael Bowerman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE