[NXP-6003] incorrect security check in export restlet when Anonymous is enabled - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.4
Fix Version/s: 5.4.0.1, 5.4.2-RC1, 5.4.2
Component/s: Web API (REST or WS*)

Tags:
- security

Description

Once authenticated, users that have no rights to access the exported root document get access to the content.

This can be put easily in evidence by

creating a document note using the administrator account
exporting the document note using an anonymous access

Attachments

Activity

People

Assignee:

Stéphane Lacoin

Reporter:

Stéphane Lacoin

Participants:

Stéphane Lacoin

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

2010-11-22 16:05

Updated:

2011-05-17 09:27

Resolved:

2010-11-22 17:35