CVE-2020-13444

Source
https://cve.org/CVERecord?id=CVE-2020-13444
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13444.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13444
Aliases
Published
2020-06-10T19:15:09.883Z
Modified
2026-07-08T16:26:48.369956Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:liferay:liferay_portal:7.1:ga1:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.1.1:ga2:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.1:ga2:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.1:ga3:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.2:ga1:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.3:ga1:*:*:community:*:*:*",
        "cpe:2.3:a:liferay:liferay_portal:7.3:ga2:*:*:community:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "7.1-ga1"
        },
        {
            "last_affected": "7.1-ga1"
        },
        {
            "introduced": "7.1.1-ga2"
        },
        {
            "last_affected": "7.1.1-ga2"
        },
        {
            "introduced": "7.1-ga2"
        },
        {
            "last_affected": "7.1-ga2"
        },
        {
            "introduced": "7.1-ga3"
        },
        {
            "last_affected": "7.1-ga3"
        },
        {
            "introduced": "7.2-ga1"
        },
        {
            "last_affected": "7.2-ga1"
        },
        {
            "introduced": "7.3-ga1"
        },
        {
            "last_affected": "7.3-ga1"
        },
        {
            "introduced": "7.3-ga2"
        },
        {
            "last_affected": "7.3-ga2"
        }
    ]
}

Affected versions

7.*
7.1-ga1
7.1-ga2
7.1-ga3
7.2-ga1
7.3-ga1
7.3-ga2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13444.json"