Details

      Description

      A security vulnerability exists that allows any user who has permission to delete an attachment in the Wiki portlet to delete any file on the server.

      Workaround
      Add "com.liferay.portlet.wiki.service.WikiPageServiceUtil" to the property "json.service.invalid.class.names" in portal(-ext).properties.

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 12 weeks, 4 days ago

                Packages

                Version Package
                6.1.1 CE GA2
                6.1.20 EE GA2
                --Sprint 11/12
                6.2.0 CE M2