Description

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.

Related CPE's

a

liferay

digital_experience_platform

2

a

liferay

liferay_portal

Vulnerable

References

http://liferay.com

Vendor Advisory

https://issues.liferay.com/browse/LPE-17607

Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42127

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-276

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-11-15T01:15:13.347

2 years ago

Last modified

2022-11-18T16:59:45.817

2 years ago