LSV-1116: Friendly URL history accessible to unauthorized users

Affects versions

None

Fix versions

None

7.0 Fix Pack Version

None

7.1 Fix Pack Version

None

7.2 Fix Pack Version

None

7.3 Fix Pack Version

None

7.4 Fix Pack Version

37

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

The Friendly URL module in Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page.

Fixed

Details

Assignee

Reporter

Priority


Created July 25, 2022 at 2:54 AM
Updated October 18, 2022 at 11:41 PM
Resolved October 18, 2022 at 11:41 PM