List of packages getting exposed without logging in on publisher - AEM 6.5.8

Avatar

Avatar
Validate 1
Level 2
ashishkhadpe
Level 2

Likes

4 likes

Total Posts

50 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Ignite 1
Boost 3
Boost 1
View profile

Avatar
Validate 1
Level 2
ashishkhadpe
Level 2

Likes

4 likes

Total Posts

50 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Ignite 1
Boost 3
Boost 1
View profile
ashishkhadpe
Level 2

13-07-2021

Hi All,

 

We are currently facing an issue of list of packages getting exposed without logging in on AEM.

 

For example if I hit the URL like http<s>://<host>:<port>/crx/packmgr/list.jsp, I can see the JSON response showing the complete details of packages installed.

 

Not sure if this is with AEM 6.5.8.

 

Any fix for this?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Affirm 5
Level 3
Rajashankar
Level 3

Likes

23 likes

Total Posts

35 posts

Correct reply

9 solutions
Top badges earned
Affirm 5
Boost 10
Affirm 3
Ignite 1
Validate 1
View profile

Avatar
Affirm 5
Level 3
Rajashankar
Level 3

Likes

23 likes

Total Posts

35 posts

Correct reply

9 solutions
Top badges earned
Affirm 5
Boost 10
Affirm 3
Ignite 1
Validate 1
View profile
Rajashankar
Level 3

13-07-2021

Hi @ashishkhadpe 

This is a feature as part of http service interface for package management.

 

You can block it by using a custom filter. Please refer this thread same way you can block by implementing your own logic as part  of servlet filter.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-json-extensio...

 

Hope this helps.

 

Regards,

Rajashankar.R

Answers (3)

Answers (3)

Avatar

Avatar
Establish
MVP
Ravi_Pampana
MVP

Likes

202 likes

Total Posts

247 posts

Correct reply

77 solutions
Top badges earned
Establish
Contributor
Shape 1
Ignite 5
Ignite 3
View profile

Avatar
Establish
MVP
Ravi_Pampana
MVP

Likes

202 likes

Total Posts

247 posts

Correct reply

77 solutions
Top badges earned
Establish
Contributor
Shape 1
Ignite 5
Ignite 3
View profile
Ravi_Pampana
MVP

13-07-2021

Hi,

 

I tried in AEM 6.5 plain instance, AEM 6.5.6 and AEM 6.5.8 and don't see the packages list showing up without login. Make sure that you are not logged into publish instance in any other tab

Avatar

Avatar
Boost 100
Level 6
snbaem
Level 6

Likes

119 likes

Total Posts

249 posts

Correct reply

38 solutions
Top badges earned
Boost 100
Springboard
Establish
Validate 25
Validate 10
View profile

Avatar
Boost 100
Level 6
snbaem
Level 6

Likes

119 likes

Total Posts

249 posts

Correct reply

38 solutions
Top badges earned
Boost 100
Springboard
Establish
Validate 25
Validate 10
View profile
snbaem
Level 6

13-07-2021

Hi,

 

I don't see it on 6.5.8 

This is the response for me. Doesn't look like an issue in 6.5.8

{"results":[],"total":0}

Could it be a difference in permissions for everyone group or anonymous user?

Avatar

Avatar
Coach
MVP
Arun_Patidar
MVP

Likes

1,462 likes

Total Posts

3,329 posts

Correct reply

949 solutions
Top badges earned
Coach
Contributor 2
Ignite 10
Give Back 700
Boost 1000
View profile

Avatar
Coach
MVP
Arun_Patidar
MVP

Likes

1,462 likes

Total Posts

3,329 posts

Correct reply

949 solutions
Top badges earned
Coach
Contributor 2
Ignite 10
Give Back 700
Boost 1000
View profile
Arun_Patidar
MVP

13-07-2021

Hi,

I don't see this issue in AEM 6.5.7

can you try on the vanilla instance?