This issue has been created
 
 
XWiki Platform / cid:jira-generated-image-avatar-57ca7685-0685-4403-8086-fcb3643aedec XWIKI-22461 Open

XWiki.EventStream.Code.EventClass is missing a required rights analyzer
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-99cee766-af42-4b7d-b30f-8fba5ef630c2 Michael Hamann created this issue on 28/Aug/24 16:55
 
Summary: XWiki.EventStream.Code.EventClass is missing a required rights analyzer
Issue Type: cid:jira-generated-image-avatar-57ca7685-0685-4403-8086-fcb3643aedec Bug
Affects Versions: 15.10
Assignee: Unassigned
Components: Event Stream
Created: 28/Aug/24 16:55
Priority: cid:jira-generated-image-static-major-84c0b315-7a35-4907-9651-0e1d9a42788c Major
Reporter: Michael Hamann
Description:

The class XWiki.EventStream.Code.EventClass should have its own required rights analyzer that indicates the required admin right to allow the correct automatic configuration of required rights. This is not a security vulnerability as the two fields that can contain code are already analyzed as Velocity code and thus trigger warnings. I cannot think of any relevant security impact of a XWiki.EventStream.Code.EventClass where those scripts are empty.
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.