Details

      Description

      User with impersonate permission can impersonate administrators that are not omniadmins. This includes administrators not specified in omniadmin.users configuration property, if set, or administrators in other portal instances.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-222

        Attachments

          Activity

            People

            Assignee:
            bryan.engler Bryan Engler
            Reporter:
            michael.bowerman Michael Bowerman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE