[OFBIZ-13130] [CVE-2024-45195] Add permission check for view-maps and change defaults for request-maps - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 18.12.15
Fix Version/s: 18.12.16
Component/s: ALL APPLICATIONS, ALL COMPONENTS, ALL PLUGINS
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

If a user is not authorized, the system should not allow access to rendered views.

Additionally, the default for the request-map paramerters "auth" and "https" should be set to "true".

This improvement aims to enhance security by preventing unauthorized access.

Attachments

Issue Links

links to

GitHub Pull Request #126

GitHub Pull Request #831

Activity

People

Assignee:: Sebastian Tschikin

Reporter:: Sebastian Tschikin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Aug/24 14:07

Updated:: 21/Nov/24 09:25

Resolved:: 03/Sep/24 06:59