BIT-liferay-2022-42126

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2022-42126.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-liferay-2022-42126

Aliases

Published

2024-01-31T15:20:16.198Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.3.0

Last affected

7.3.0

Introduced

7.4.0

Last affected

7.4.0

Type: SEMVER
Events: Introduced

7.4-update1.0

Last affected

7.4-update1.0