Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-31090

DLFileVersionServiceImpl.getLatestFileVersion(long) doesn't have permission check

    Details

      Description

      DLFileVersionServiceImpl.getLatestFileVersion(long) doesn't have permission check. If the attacker starts to fetch files with random IDs, he/she can get all the details of the files in the document library.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  6 years, 50 weeks, 4 days ago

                  Packages

                  Version Package
                  6.1.2 CE GA3
                  6.1.30 EE GA3
                  6.2.0 CE M3