[Nuxeo-tickets] [Nuxeo Repository] #1887: Security hole in CPSUserFolder

Nuxeo Repository trac at nuxeo.com
Mon Jan 21 23:41:34 CET 2008


#1887: Security hole in CPSUserFolder
---------------------------+------------------------------------------------
 Reporter:  madarche       |       Owner:  madarche 
     Type:  defect         |      Status:  new      
 Priority:  P1             |   Milestone:  CPS 3.4.6
Component:  CPSUserFolder  |     Version:  TRUNK    
 Severity:  critical       |    Keywords:           
---------------------------+------------------------------------------------
 There is a serious security hole in CPSUserFolder making it possible to
 bypass authentication.

 The bug is present in CPSUserFolder >= 0.8.0, which has been present since
 CPS >= 3.3.5. The bug was introduced by changeset [25206].

 But only CPS instances having an "acl_users" of type "CPS User Folder" are
 vulnerable. CPS portals with "acl_users" of the old type "User Folder With
 Groups" are not vulnerable.

-- 
Ticket URL: <https://svn.nuxeo.org/trac/pub/ticket/1887>
Nuxeo Repository <http://www.cps-project.org/>