2018-11-06 09:03:50 UTC
A malicious user with enough administration entitlements can inject
names, Report names, AnyTypeClass keys and Policy descriptions.
When another user with enough administration entitlements edits one of
Vendor: The Apache Software Foundation
Releases prior to 2.1.2
Releases prior to 2.0.11
2.0.X users should upgrade to 2.0.11
2.1.X users should upgrade to 2.1.2
This issue was discovered by ï»¿Kevin Borras Soler.