| Issue: |
|
|---|---|
| Date: |
|
| Severity: | Medium |
| Requires Admin Access: | No |
| Fix Version: | 3 |
| Credit: | Internal Security Team |
| Description: |
There are some administrative jsps that are accessible to non-administrative users. This allows an attacker to target and call those jsps directly from their browsers without authentication. |
| References |
https://github.com/dotCMS/core/issues/6350 |