Description
In Liferay Portal 7.1.3 and possibly earlier unsupported versions, the JAX-RS API does not check for a cross-site request forgery (CSRF) token, which allows remote attackers to perform CSRF attacks.
Severity
Severity 2
Fixed Version(s)
- June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 09 Jun 2020 02:00:00 +0000