GHSA-g6x4-57hp-j4xm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g6x4-57hp-j4xm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-g6x4-57hp-j4xm/GHSA-g6x4-57hp-j4xm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g6x4-57hp-j4xm
- Aliases
-
- BIT-liferay-2022-42129
- CVE-2022-42129
- Published
- 2022-11-15T12:00:16Z
- Modified
- 2023-12-06T01:02:40.171431Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Authorization Bypass in Liferay Portal
- Details
-
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the
formInstanceRecordIdparameter. - Database specific
{ "nvd_published_at": "2022-11-15T02:15:00Z", "github_reviewed_at": "2022-11-21T23:49:44Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-639" ] }- References
Affected packages
Maven / com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom