Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1teHZxLWN2NHgtcDNqd84AAv3m
Incorrect Default Permissions in Liferay Portal
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.
Permalink: https://github.com/advisories/GHSA-mxvq-cv4x-p3jwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teHZxLWN2NHgtcDNqd84AAv3m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-mxvq-cv4x-p3jw, CVE-2022-42130
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-42130
- https://issues.liferay.com/browse/LPE-17447
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130
- https://github.com/advisories/GHSA-mxvq-cv4x-p3jw
Affected Packages
maven:com.liferay.portal:release.portal.bom
Dependent packages: 5Dependent repositories: 33
Downloads:
Affected Version Ranges: >= 7.1.0, < 7.4.3.5
Fixed in: 7.4.3.5
All affected versions: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2
All unaffected versions: 7.0.6