[LPE-17595] LSV-1105: Unauthorized access to WikiNodeResource.getSiteWikiNodeByExternalReferenceCode - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

CVE IDs:
CVE-2022-42128
CVSS Base Score:
5.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.4 Fix Pack Version:
1

Description

The Hypermedia REST APIs module in Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 07/Jul/22 9:24 AM

Updated:: 18/Oct/22 11:53 PM

Resolved:: 18/Oct/22 11:53 PM

Packages

Version	Package