CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:7.4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-19 13:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-26595

Mitre link : CVE-2022-26595

CVE.ORG link : CVE-2022-26595


JSON object : View

Products Affected

liferay

  • liferay_portal
  • digital_experience_platform
CWE
CWE-276

Incorrect Default Permissions