漏洞
In ArcGIS Enterprise, viewing uploaded PDF files relies on URLs that token information that does not expire as expected.
| 漏洞 ID 编号 | BUG-000158578 |
|---|---|
| 已提交 | May 25, 2023 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | Portal for ArcGIS |
| 找到的版本 | 10.9.1 |
| 操作系统 | Windows Server |
| 操作系统版本 | 2019 64 Bit |
| 状态 | As Designed |
附加信息
In all versions of Portal for ArcGIS, the user's token is used when generating a link to the content. In Portal for ArcGIS 10.9.1 and prior, when a user logs into the portal, they are kept logged in for two weeks by default. Navigate to the Items Detail page and view the URL; the tokens used there are valid for two weeks by default. It is possible to reduce the maximum access token expiration and set it to a lower value if desired. In the 11.0 version, Portal for ArcGIS uses a different mechanism called a 'refresh token' that can be used to repeatedly generate new access tokens. An access token generated by a refresh token is valid for only 30 minutes. The description of the problem matches the documented and expected behavior of the software.重现步骤
漏洞 ID: BUG-000158578
软件:
- Portal for ArcGIS
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序