Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 4.2.0.Final
Affects Version/s: 4.1.0.Final
Component/s: JCR
Labels:
None

Git Pull Request:
https://github.com/ModeShape/modeshape/pull/1390

Description

When a property is updated (with property.setValue), the credentials are never checked. AbstractJcrProperty (or its set of sub-classes) seems to be missing any credential check.

I'm assuming this is by design, but this seems to be a security loophole.

Attachments

Activity

People

Assignee:: Horia Chiorean (Inactive)

Reporter:: Osman Din (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2015/02/10 12:55 PM

Updated:: 2015/02/16 1:53 AM

Resolved:: 2015/02/16 1:53 AM