[LPE-16456] Unauthorized access to portlet configuration - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
Fix Version/s: 7.0.X EE, 7.1.x EE
Component/s: Application Security > Permissions, Security Vulnerability
Labels:

7.0 Fix Pack Version:
59

Description

Portlet configuration in Liferay DXP 7.0 does not properly verify permission which may lead to attackers changing portlet configuration settings and gaining access to sensitive information via crafted URL.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Jun/18 5:53 AM

Updated:: 10/May/19 5:52 AM

Resolved:: 03/Oct/18 10:41 AM

Packages

Version	Package
7.0.X EE
7.1.x EE