AnsweredAssumed Answered

Redirect issue with the previous links included with the initial alert

Question asked by josepeinado on Oct 17, 2014
Someone has more information regarding this security issue and if it affects community edition 4.2e (Alfresco Community v4.2.0
(r63893-b12) schema 6033
Spring Surf and Spring WebScripts - v1.2.0
(Release 1331))


Alfresco Security Alert - Action Required
I apologize as it has been brought to our attention that there is a redirect issue with the previous links included with the initial alert.
Please use the following links to access the Customer Support Portal and the Knowledge Base articles detailing this issue, how this security vulnerability can be exposed, mitigation steps, and the fix for it under this knowledge base article. (http://go.alfresco.com/DLB400t0ZIw00F01K2180Ul)

Two medium-impact security issues have also been raised, potentially exposing Alfresco users to attacks from injected JavaScript and iFrames.

The details for these two issues and their fixes are available in the following knowledge base articles:
TaskID Injection: http://go.alfresco.com/y1FLwl820U0KZIC04u00010
Control Wrapper Injection: http://go.alfresco.com/I010DLw0K48v2U1l0F0IZ00



Can the community forum add documentation around this?

regards

Outcomes