漏洞
Unchecking the Metadata operation for image service does not actually stop access.
| 漏洞 ID 编号 | BUG-000176000 |
|---|---|
| 已提交 | April 23, 2025 |
| 上次修改时间 | June 25, 2025 |
| 适用范围 | ArcGIS GIS Server |
| 找到的版本 | 11.4 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 64 Bit |
| 状态 | As Designed |
附加信息
According to the documentation of image service capabilities, the metadata capability is to control 'Allows clients to view metadata information for each raster in a mosaic dataset'. Refer to this documentation: https://enterprise.arcgis.com/en/server/latest/publish-services/windows/key-concepts-for-image-services.htm for more information. In this context, the metadata of each individual items will be blocked if the metadata capability is off.解决办法
Access to the file can be blocked for all users by navigating to config-store/services/(service name).ImageServer/esriinfo/metadata and renaming or deleting the metadata.xml file. This will cause the Metadata operation page for that service to appear blank. No service restart is required.
This is a rather crude workaround, as it involves modifying backend files to block access to the metadata. It may not be a sustainable approach if more image services are expected to be published by various organization members in the future.
Alternatively, access to the service or item can be restricted to selected members if the metadata contains sensitive information (e.g., database or folder connection details).
重现步骤
漏洞 ID: BUG-000176000
软件:
- ArcGIS GIS Server
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序