This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 59b42220ab Improved: [CVE-2024-38856] Add permission check for ProgramExport and EntitySQLProcessor 59b42220ab is described below commit 59b42220ab642699769895ee248575154db91e62 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Thu Sep 5 11:18:06 2024 +0200 Improved: [CVE-2024-38856] Add permission check for ProgramExport and EntitySQLProcessor Removes now useless code after CVE-2024-45195. I'll not backport, not needed --- .../groovy/org/apache/ofbiz/webtools/entity/EntitySQLProcessor.groovy | 4 ---- .../main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy | 3 --- 2 files changed, 7 deletions(-) diff --git a/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/EntitySQLProcessor.groovy b/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/EntitySQLProcessor.groovy index 2c38074ec5..289edf4cb6 100644 --- a/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/EntitySQLProcessor.groovy +++ b/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/EntitySQLProcessor.groovy @@ -24,10 +24,6 @@ import java.sql.ResultSetMetaData import org.apache.ofbiz.entity.jdbc.SQLProcessor import org.apache.ofbiz.entity.model.ModelGroupReader -if (!security.hasPermission('ENTITY_MAINT', userLogin)) { - return -} - String sqlCommand = context.request.getParameter('sqlCommand') // (see OFBIZ-6567) String resultMessage = '' diff --git a/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy b/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy index 46d24f0620..e5aa213d89 100644 --- a/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy +++ b/framework/webtools/src/main/groovy/org/apache/ofbiz/webtools/entity/ProgramExport.groovy 
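Review bot: With the guard gone, the script runs from its imports straight into `context.request.getParameter('sqlCommand')`, so nothing in the file itself shows that `ENTITY_MAINT` is still required; the same holds for the ProgramExport.groovy hunk, which now leads directly into `String groovyProgram = null`. The commit message says the CVE-2024-45195 change makes the check redundant, but that enforcement is not visible in this diff. A comment at the top of each script would record the dependency, for example `// Authorization: ENTITY_MAINT is enforced by <enforcement point> before this script runs; keep it that way if the script is wired to another request or view`. Since the removal appears to leave a single layer of protection in front of SQL and Groovy execution, a regression test that requests both views without the permission and asserts that nothing is executed would be worth adding alongside. Both script bodies continue outside the hunks.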
@@ -23,9 +23,6 @@ import org.codehaus.groovy.control.CompilerConfiguration import org.codehaus.groovy.control.MultipleCompilationErrorsException import org.codehaus.groovy.control.customizers.ImportCustomizer -if (!security.hasPermission('ENTITY_MAINT', userLogin)) { - return -} String groovyProgram = null recordValues = [] errMsgList = []