The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36, does not check permissions before allowing a user to export web content for translation, allowing attackers to download a web content page's XLIFF translation file via a crafted URL.
References
Link | Resource |
---|---|
http://liferay.com | Product |
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512 | Release Notes Vendor Advisory |
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
26 Sep 2022, 15:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://liferay.com - Product | |
References | (MISC) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512 - Release Notes, Vendor Advisory | |
CWE | CWE-269 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.5 |
First Time | Liferay dxp; Liferay Liferay liferay Portal |
CPE | cpe:2.3:a:liferay:dxp:7.4:update_28:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_29:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_25:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_26:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_36:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_27:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:* cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:* |
22 Sep 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-22 01:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38512
Mitre link : CVE-2022-38512
CVE.ORG link : CVE-2022-38512
Products Affected
liferay
- dxp
- liferay_portal
CWE
CWE-862
Missing Authorization