The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
References
Link | Resource |
---|---|
http://liferay.com | Vendor Advisory |
https://issues.liferay.com/browse/LPE-17593 | Vendor Advisory |
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Nov 2022, 16:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://issues.liferay.com/browse/LPE-17593 - Vendor Advisory | |
References | (MISC) http://liferay.com - Vendor Advisory | |
References | (MISC) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 - Vendor Advisory | |
First Time |
Liferay
Liferay liferay Portal Liferay digital Experience Platform |
|
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | NVD-CWE-noinfo |
15 Nov 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-15 01:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-42126
Mitre link : CVE-2022-42126
CVE.ORG link : CVE-2022-42126
JSON object : View
Products Affected
liferay
- digital_experience_platform
- liferay_portal
CWE