- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
- Component/s: Security Vulnerability, WCM > Sites Management
- CVSS Base Score: 5.3
- CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- 7.0 Fix Pack Version: 92
- 7.1 Fix Pack Version: 18
- 7.2 Fix Pack Version: 5

Liferay DXP 7.0, 7.1 and 7.2 do not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages have been assigned a virtual host.