Details

      Description

      A security vulnerability exists that allows any user who has permission to delete an attachment in the Wiki portlet to delete any file on the server.

      Workaround
      Add "com.liferay.portlet.wiki.service.WikiPageServiceUtil" to the property "json.service.invalid.class.names" in portal(-ext).properties.

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            samuel.kong Samuel Kong
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              8 years, 13 weeks, 5 days ago

                Packages

                Version Package
                6.1.1 CE GA2
                6.1.20 EE GA2
                --Sprint 11/12
                6.2.0 CE M2