[LPE-17593] LSV-1103: User permissions are not checked for DepotGroupItemSelectorProvider - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- 7.3.10-u8

CVE IDs:
CVE-2022-42126
CVSS Base Score:
4.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.3 Fix Pack Version:
8
7.4 Fix Pack Version:
29

Description

The Asset Libraries module in Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Jun/22 5:31 AM

Updated:: 18/Oct/22 11:18 PM

Resolved:: 18/Oct/22 11:18 PM

Packages

Version	Package