The Sitecore/Developer role can read any text file on the file system

  • Description

    A user with the Sitecore/Developer role is able to read any text file on the file system through the Log Viewer application.

  • To resolve this issue, do not grant users the Sitecore/Developer role if you do not want them to view files on the file system.

Applies to:

CMS 6.1.0 Initial Release - 8.2 Update-6, 9.0 Initial Release - 9.0 Update-1

CMS 8.2 Update-7, 9.0 Update-2

April 23, 2018
February 08, 2019

Reference number:

210020

Keywords: 

  • Security Vulnerabilities