Description
The OAuth module in Liferay Portal 7.1.0 through 7.2.1 contains an authentication flaw which allows an attacker with a valid OAuth2 token to access the REST application APIs in a different Portal virtual instance.
Severity
Severity 2
Fixed Version(s)
- September 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 31 Aug 2020 17:00:00 +0000