[LPE-17407] LSV-955: Unauthorized access to DDL Data Definition - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.1 DXP (7.1.10)
Fix Version/s: 7.1.x EE
Component/s: Dynamic Data Lists, Dynamic Data Mapping, Forms, Security Vulnerability
Labels:

CVSS Base Score:
5.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.1 Fix Pack Version:
27

Description

The Dynamic Data List module in Liferay DXP grants guest users view permission to data definition by default, which allows remote attackers to view any data definition via the UI or API.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Oct/21 8:08 PM

Updated:: 13/Jul/22 3:14 PM

Resolved:: 13/Jul/22 3:14 PM

Packages

Version	Package
7.1.x EE