  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-13943

XXE vulnerability in OpenID authentication

    Details

      Description

      The portal uses an old version of openid4java.jar that is vulnerable to XXE attacks. This flaw allows an attacker to read the file system, connect to internal systems (SSRF), and perform DoS on the portal.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-123

            People

            Assignee:
            steven.smith Steven Smith (Inactive)
            Reporter:
            tibor.lipusz Tibor Lipusz
            Votes:
            0
            Watchers:
            0

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.1.X EE
                6.2.X EE