Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-2948

SOLR REST API allows unauthenticated access to repository contents

    Details

    • Bug Priority:
      Category 1
    • ACT Numbers:

      15024-42338

      Description

      An omission has been discovered that means that HTTP access to repository APIs under the paths /alfresco/s/api/solr, /alfresco/wcservice/api/solr and /alfresco/wcs/api/solr are not protected by SOLR's SSL certificate and could potentially be used by an unauthenticated user to retrieve information from the repository

        Attachments

        1. access_denied.PNG
          access_denied.PNG
          52 kB
        2. certificate.PNG
          certificate.PNG
          68 kB
        3. log.txt.log
          22 kB

          Structure

            Activity

              People

              • Assignee:
                closedbugs Closed Bugs (Inactive)
                Reporter:
                thartmann thartmann
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel