  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16991

Unauthorized access to staged public pages' sitemap.xml

    Details

    • CVSS Base Score: 5.3
    • CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • 7.0 Fix Pack Version: 92
    • 7.1 Fix Pack Version: 18
    • 7.2 Fix Pack Version: 5

      Description

      Liferay DXP 7.0, 7.1 and 7.2 do not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages have been assigned a virtual host.

            People

            Assignee:
            support-ee EE Support
            Reporter:
            EnterpriseReleaseHU Enterprise Release HU

                Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE