Description
A vulnerability in Liferay Portal and Liferay DXP allows sensitive user data to be included in the FreeMarker template. This weakness lets an unauthorized actor access, and potentially render, confidential information that should remain restricted.
Severity
4.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)
Affected Version(s)
- Liferay Portal 7.4.0 through 7.4.3.132
- Liferay DXP 7.4
- Liferay DXP 2023.Q3
- Liferay DXP 2023.Q4
- Liferay DXP 2024.Q1.1 through 2024.Q1.12
- Liferay DXP 2024.Q2
- Liferay DXP 2024.Q3
- Liferay DXP 2024.Q4.0 through 2024.Q4.5
- Liferay DXP 2025.Q1.1 through 2025.Q1.4
Fixed Version(s)
- Liferay Portal fixed on master branch
- Liferay DXP 2024.Q1.13
- Liferay DXP 2024.Q4.6
- Liferay DXP 2025.Q1.5
- Liferay DXP 2025.Q2.0
Publication date: Fri, 03 Oct 2025 09:08:00 +0000