The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
References
Link | Resource |
---|---|
http://liferay.com | Vendor Advisory |
https://issues.liferay.com/browse/LPE-17593 | Vendor Advisory |
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-11-15 01:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-42126
Mitre link : CVE-2022-42126
CVE.ORG link : CVE-2022-42126
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE