PUBLIC - Liferay Portal Enterprise Edition / LPE-16991

Unauthorized access to staged public pages' sitemap.xml

Details

    • 5.3
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • 92
    • 18
    • 5

    Description

      Liferay DXP 7.0, 7.1 and 7.2 do not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages have been assigned a virtual host.
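
One way to check web-server access logs for the exposure described above, as an added example that is not part of the original issue or Liferay's code: it flags successful sitemap.xml fetches on staging virtual hosts from clients outside trusted networks. The log layout (Apache "vhost_combined" style), the function name `staging_sitemap_hits`, and all hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed log layout (Apache "vhost_combined" style):
#   vhost[:port] client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<vhost>[^\s:]+)(?::\d+)? (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def staging_sitemap_hits(lines, staging_vhosts, trusted_nets=()):
    """Return successful sitemap.xml fetches on staging vhosts from untrusted clients."""
    vhosts = {h.lower() for h in staging_vhosts}
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m["target"].split("?", 1)[0].lower()
        if m["vhost"].lower() not in vhosts or not path.endswith("/sitemap.xml"):
            continue
        if not m["status"].startswith("2"):
            continue  # 401/403/404 mean the sitemap was not served
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            client = None  # non-IP client field: treat as untrusted
        if client is not None and any(client in n for n in nets):
            continue  # e.g. content editors on the internal network
        hits.append({"time": m["time"], "vhost": m["vhost"],
                     "client": m["client"], "target": m["target"]})
    return hits

# Constructed sample log lines (hostnames and addresses are placeholders).
SAMPLE_LOG = [
    'staging.example.test:443 203.0.113.7 - - [12/Mar/2020:10:01:02 +0000] "GET /sitemap.xml HTTP/1.1" 200 1843 "-" "curl/7.68.0"',
    'staging.example.test:443 10.0.0.5 - - [12/Mar/2020:10:02:10 +0000] "GET /sitemap.xml HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    'www.example.test:443 198.51.100.9 - - [12/Mar/2020:10:03:00 +0000] "GET /sitemap.xml HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"',
    'staging.example.test:443 198.51.100.23 - - [12/Mar/2020:10:04:44 +0000] "GET /sitemap.xml?x=1 HTTP/1.1" 403 0 "-" "curl/7.68.0"',
    'STAGING.example.test 198.51.100.23 - - [12/Mar/2020:10:05:12 +0000] "GET /SiteMap.xml?x=1 HTTP/1.1" 200 912 "-" "-"',
]

if __name__ == "__main__":
    for hit in staging_sitemap_hits(SAMPLE_LOG, ["staging.example.test"], ["10.0.0.0/8"]):
        print(hit)
```

Any hit on a staging virtual host means the sitemap was served to a client that should not have seen it; the public-site line in the sample is ignored because a live site's sitemap is meant to be public.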

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU

              Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE