Details
-
Bug
-
Resolution: Fixed
-
Highest
-
4.1.7
-
None
-
4.3
-
Description
LDAP directory users and groups exposed via the /users/userpicker.action.
There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior.
The second exposed function that is part of this vulnerability is /spaces/opengrouppicker.action which can be accessed by anonymous users for internal directory browsing.
Attachments
Issue Links
- is related to
-
CONFSERVER-25322 The vulnerability exists in the standalone and also in the online demonstration enviroment.
- Closed