[LPE-16991] Unauthorized access to staged public pages's sitemap.xml - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE
Component/s: Security Vulnerability, WCM > Sites Management
Labels:

CVSS Base Score:
5.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.0 Fix Pack Version:
92
7.1 Fix Pack Version:
18
7.2 Fix Pack Version:
5

Description

Liferay DXP 7.0, 7.1 and 7.2 does not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages has been assigned a virtual host.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Apr/20 11:18 PM

Updated:: 14/Jul/20 3:37 AM

Resolved:: 14/Jul/20 3:37 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE