Releases

Back CVE-2022-42127 Friendly URL history accessible to unauthorized users

Description

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36 does not properly check user permission, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.

Severity

null (null)

Notes

There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA37 (7.4.3.37) or later.

Acknowledgments

4rth4s

Publication date: Wed, 19 Oct 2022 06:24:00 +0000

The security advisories on this page is for Liferay's open source projects (e.g., Liferay Portal). Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are available in Help Center.