CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_25:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_26:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_27:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_28:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_29:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_36:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-269 CWE-862

Information

Published : 2022-09-22 01:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-38512

Mitre link : CVE-2022-38512

CVE.ORG link : CVE-2022-38512


JSON object : View

Products Affected

liferay

  • dxp
  • liferay_portal
CWE
CWE-862

Missing Authorization