Headline

CVE-2022-42126: CVE-2022-42126 User permissions are not checked for DepotGroupItemSelectorProvider - Liferay Portal - Liferay Faces

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

2 years ago

CVE

Open in Source

#perl #auth

CVE-2022-42126 User permissions are not checked for DepotGroupItemSelectorProvider

Date

Wed, 19 Oct 2022 06:05:00 +0000

Title

CVE-2022-42126 User permissions are not checked for DepotGroupItemSelectorProvider

Description

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Severity

Severity 2

Notes

There is no patch available for Liferay Portal 7.3 and 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA29 (7.4.3.29) or later.

The security advisories on this page is for Liferay’s open source projects (e.g., Liferay Portal). Security advisories for Liferay’s enterprise offerings are available in Help Center.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago