volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More
AI OnAI Offsmart_toy

[Bug?] Access rights to languages in edit mode.

Johan Petersson
Johan Petersson
Vote:
expand_less 0 expand_more

Hi,


It seems lika that language access rights are only checked in the dropdown menus in edit mode. If you access edit mode with a direct link to a page and a language you can access a language branch that you don't actually have access to, e.g. /cms/edit/default.aspx?id=12345&epslanguage=en&selectededitpaneltab=1. You can even edit the page and publish it.


Is this by design or a bug? For me it seems like a quite serious security bug.

#73766
Aug 08, 2013 15:03
error This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.