Details
-
Bug
-
Resolution: Fixed
-
Low
-
3.2, 3.3, 3.4, 3.5, 4.3.7
-
2
-
Severity 3 - Minor
-
Description
If anonymous access is enabled under "Global Permissions", anonymous users can view the "Templates" section of the administration panel, as in:
- <server-base-url>/pages/templates/listpagetemplates.action
- <server-base-url>/pages/templates2/listpagetemplates.action?key=
- <server-base-url>/pages/templates2/viewpagetemplate.action?entityId=<template-id>&key=
Links to the rest of the administration panel are displayed, although the user is prompted to log in (and enter WebSudo credentials) when clicking them. In addition, the names of template owners are visible (but not their hover profiles).