[LPS-82849] Disable Gogo Shell Telnet Access To Prevent Wide Range Of Vulnerabilities - Liferay Issues

XML

Word

Printable

Details

Type: Story
Status: Closed
Priority: Major
Resolution: Completed
Affects Version/s: Master
Fix Version/s: 7.1.0 CE GA1, 7.1.10 DXP FP1, Master
Component/s: Application Security
Labels:
- 7.1-must
- liferay-fixpack-dxp-1-7110

Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/60730

Description

With Gogo Shell Portlet now available in portal 7.1 we should disable telnet access as a security precaution.

With telnet listening on localhost:11311 any potential XXE or SSRF vulnerability or other local application can compromise portal installation.

The telnet access will still be available for components that depends on it (portal upgrade) and for developers in portal-developer.properties

Attachments

Issue Links

relates

LRDOCS-5413 Using telnet to access Gogo is disabled by default

Closed

Activity

People

Assignee:: Victor Ware

Reporter:: Tomáš Polešovský

Recent user:: Kiyoshi Lee

Participants of an Issue:: Tomáš Polešovský, Victor Ware

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 25/Jun/18 8:47 AM

Updated:: 01/Mar/19 11:29 AM

Resolved:: 12/Feb/19 4:33 PM

Packages

Version	Package
7.1.0 CE GA1
7.1.10 DXP FP1
Master