Broken access controls in Alfresco Content Services

Discovered by Jack Misiura and Stefano Lanaro on behalf of The Missing Link Security

Vulnerability Details

The attack allows a threat actor with appropriate privileges to bypass access controls around script execution, potentially leading to unintended actions being performed by the web application or privilege escalation.

Affected Versions

5.0.x.x up to (including)

6.0.0.x up to (including)

6.1.0.x up to (including)

6.2.0.x up to (including)

7.0,,, up to (including

Fixed Versions

Either upgrade to Alfresco Content Services 7.1 or install appropriate hotfix for older versions.

Latest News