
CVE-2022-42127: Friendly URL history accessible to unauthorized users - Liferay Portal - Liferay Faces

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36, does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page.


Date

Wed, 19 Oct 2022 06:24:00 +0000

Title

CVE-2022-42127 Friendly URL history accessible to unauthorized users

Description

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36 does not properly check user permission, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page.

Severity

Severity 2

Notes

There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA37 (7.4.3.37) or later.

Credit

4rth4s

The security advisories on this page are for Liferay’s open source projects (e.g., Liferay Portal). Security advisories for Liferay’s enterprise offerings are available in Help Center.
