False Security Issue in FCKEditor and Liferay 6.x Reported as CVE-2018-10795

Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions.


Liferay disputed this issue because file upload is an expected feature, subject to Role-Based Access Control checks where only authenticated users with proper permissions can upload files.

Liferay has also analyzed the report which does not contain steps to reproduce the vulnerability (to exploit it) so no other parties can prove there is such a vulnerability in the product.

¿Fue útil este artículo?
Usuarios a los que les pareció útil: 1 de 1