  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-13943

XXE vulnerability in OpenID authentication

    Details

      Description

      Portal uses an old version of openid4java.jar that is vulnerable to XXE attacks. This flaw allows an attacker to read the file system, connect to internal systems (SSRF) and perform DoS on the portal.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-123

            People

            • Assignee:
              steven.smith Steven Smith (Inactive)
              Reporter:
              tibor.lipusz Tibor Lipusz

                Packages

                Version Package
                6.1.X EE
                6.2.X EE