Back CVE-2022-42126 User permissions are not checked for DepotGroupItemSelectorProvider


The Asset Libraries module in Liferay Portal 7.3.5 through does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.


4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Version(s)

  • Liferay Portal 7.3.5 - 7.3.7
  • Liferay Portal 7.4.0 -

Fixed Version(s)

There is no fix available for Liferay Portal 7.3. Please upgrade to Liferay Portal 7.4.

Publication date: Wed, 19 Oct 2022 06:05:00 +0000

The security advisories on this page is for Liferay's open source projects (e.g., Liferay Portal). Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are available in Help Center.