  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-6752

Unauthorized users can create administrators

    Details

    • Fix Pack Status:
      Scheduled

      Description

      An unauthorized user can create users with administrator privileges. This was caused by missing permission checks. In addition, access to public JSON and JSON Web Service methods now requires authentication by default.

      UPGRADE NOTE:

      The previous default property setting allowed unauthorized users to access all public methods:

      #json.service.public.methods=
      json.service.public.methods=*

      The default has been changed to disable access for unauthorized users:

      json.service.public.methods=
      #json.service.public.methods=*
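
      A check for this setting in an override file such as portal-ext.properties, as an added example (not part of the original issue or Liferay's own code). The function names and the sample inputs are constructed here, and the parser covers only the common .properties syntax (comments, `=`/`:` separators, backslash continuations, last entry wins).

```python
import re
import sys

PROP = "json.service.public.methods"  # property name from the upgrade note

# Constructed samples: the two default blocks quoted in the upgrade note.
OLD_DEFAULT = "#json.service.public.methods=\njson.service.public.methods=*\n"
NEW_DEFAULT = "json.service.public.methods=\n#json.service.public.methods=*\n"

def effective_value(text, key=PROP):
    """Return the last uncommented value of `key`, or None if it is never set."""
    value, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue                       # blank line or comment
        if line.endswith("\\"):            # continuation: join with the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()     # later entries override earlier ones
    return value

def audit(text):
    """Classify the setting as 'open', 'closed', 'restricted' or 'unset'."""
    value = effective_value(text)
    if value is None:
        return "unset"        # portal default applies; it was '*' before this fix
    if value == "":
        return "closed"       # empty value: no access for unauthorized users
    if value == "*":
        return "open"         # wildcard: all public methods without authentication
    return "restricted"       # explicit value; review what it exposes

if __name__ == "__main__":
    # With file arguments, audit each file; otherwise show the two samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8") as fh:
                print(path, audit(fh.read()))
    else:
        print("old default:", audit(OLD_DEFAULT))
        print("new default:", audit(NEW_DEFAULT))
```

      An "unset" result on an installation without this fix means the old wildcard default is still in effect.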

              People

              • Assignee:
                kenneth.chang Kenneth Chang (Inactive)
                Reporter:
                zsolt.balogh Zsolt Balogh

                  Packages

                  Version Package
                  5.1 EE SP6 (5.1.9)
                  5.2 EE SP6 (5.2.10)
                  6.1 EE GA2 (6.1.20)