The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
References
| Link | Resource |
|---|---|
| https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3426 | Patch Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Oct 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-425 |
05 Aug 2023, 03:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3426 - Patch, Release Notes, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| CWE | CWE-862 | |
| First Time |
Liferay digital Experience Platform
Liferay liferay Portal Liferay |
|
| CPE | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:* |
02 Aug 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-02 10:15
Updated : 2024-10-02 16:15
NVD link : CVE-2023-3426
Mitre link : CVE-2023-3426
CVE.ORG link : CVE-2023-3426
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform