CVE-2022-28981 Path traversal vulnerability in Hypermedia REST APIs

Description

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.

Severity

8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Version(s)

  • Liferay Portal 7.4.0 - 7.4.2

Fixed Version(s)

Publication date: Mon, 24 Jan 2022 16:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historical advisories are available in the Help Center.