[LPS-11916] deleteEntry method on AssetEntryServiceUtil is unprotected - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.0.4 GA, 6.0.5 GA
Fix Version/s: --Sprint - SP, 6.1.0 CE RC1
Component/s: Accessibility, Security Vulnerability
Labels:
None

Branch Version/s:

6.0.x
Backported to Branch:

Committed

Description

The deleteEntry method on AssetEntryServiceUtil is currently unprotected. No permissions are being checked what so ever so anyone can delete any assetentry

Example:

http://localhost:8080/c/portal/json_service?serviceClassName=com.liferay.portlet.asset.service.AssetEntryServiceUtil&serviceMethodName=deleteEntry&serviceParameters=["entryId"]&entryId=10291

Attachments

Issue Links

relates

LPE-3020 AssetEntryServiceUtil.deleteEntry() is unprotected

Closed

Activity

People

Assignee:: Raymond Auge

Reporter:: Jelmer Kuperus (Inactive)

Participants of an Issue:: Brian Chan, Jelmer Kuperus, Mark Jin, Pani Gui, Raymond Auge

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Aug/10 1:50 PM

Updated:: 01/Dec/15 5:22 AM

Resolved:: 06/Oct/10 6:30 AM

Days since last comment:: 10 years, 22 weeks, 4 days ago

Packages

Version	Package
--Sprint - SP
6.1.0 CE RC1