GHSA-474f-cmx5-gm69

Source

https://github.com/advisories/GHSA-474f-cmx5-gm69

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-474f-cmx5-gm69/GHSA-474f-cmx5-gm69.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-474f-cmx5-gm69

Aliases

CVE-2021-33324

Published

2022-05-24T19:09:46Z

Modified

2025-05-28T21:13:28.358764Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Liferay Portal and Liferay DXP Don't Check Permissions of Pages

Details

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2021-08-03T19:15:00Z",
    "cwe_ids": [
        "CWE-276"
    ],
    "github_reviewed_at": "2025-05-28T20:08:55Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven

com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.1.0

Fixed

7.3.2

Affected versions

7.*

7.1.0

7.1.1

7.1.2

7.1.3

7.1.3-1

7.2.0

7.2.1

7.2.1-1

7.3.0

7.3.0-1

7.3.1

7.3.1-1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-474f-cmx5-gm69/GHSA-474f-cmx5-gm69.json"

last_known_affected_version_range

"<= 7.3.1"

com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.10.fp20

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

7.0.10.fp100

7.0.10.fp101

7.0.10.fp102

7.0.10.7

7.0.10.8

7.0.10.9

7.0.10.14

7.0.10.14-1

7.0.10.16

7.0.10.17

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-474f-cmx5-gm69/GHSA-474f-cmx5-gm69.json"

com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.2.0

Fixed

7.2.10.fp5

Affected versions

7.*

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-474f-cmx5-gm69/GHSA-474f-cmx5-gm69.json"