Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17518

LSV-1039: Zip Slip vulnerability in Elasticsearch Connector

Details

    • CVE-2022-42123
    • 5.8
    • CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
    • 6
    • 19

    Description

      Zip slip vulnerability in the Elasticsearch Connector in Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.

      Attachments

        Activity

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.3.X EE
                7.4.13 DXP U19