GHSA-5x9h-p2gx-35mg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5x9h-p2gx-35mg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-5x9h-p2gx-35mg/GHSA-5x9h-p2gx-35mg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5x9h-p2gx-35mg
- Aliases
- Published
- 2022-11-15T12:00:16Z
- Modified
- 2023-12-06T01:02:40.048162Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Incorrect Default Permissions in Liferay Portal
- Details
-
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.
- Database specific
{ "nvd_published_at": "2022-11-15T01:15:00Z", "github_reviewed_at": "2022-11-21T23:46:18Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-276" ] }- References
Affected packages
Maven / com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom
Affected versions
7.*
7.4.3.5
7.4.3.6
7.4.3.7
7.4.3.8
7.4.3.9
7.4.3.10
7.4.3.11
7.4.3.12
7.4.3.13
7.4.3.14
7.4.3.15
7.4.3.16
7.4.3.17
7.4.3.18
7.4.3.19
7.4.3.20
7.4.3.20-ga20
7.4.3.21
7.4.3.21-ga21
7.4.3.22
7.4.3.23
7.4.3.24
7.4.3.25
7.4.3.26
7.4.3.27
7.4.3.28
7.4.3.29
7.4.3.30
7.4.3.31
7.4.3.32
7.4.3.33
7.4.3.34
7.4.3.35
7.4.3.36
7.4.3.37
7.4.3.38
7.4.3.39
7.4.3.40
7.4.3.41
7.4.3.42
7.4.3.43
7.4.3.44
7.4.3.45
7.4.3.46
7.4.3.47