Description
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36 does not properly check user permission, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.
Severity
null (null)
Notes
There is no patch available for Liferay Portal 7.4. Instead, users should upgrade to Liferay Portal 7.4 GA37 (7.4.3.37) or later.
Acknowledgments
4rth4s
Publication date: Wed, 19 Oct 2022 06:24:00 +0000