CVE-2022-42127 Friendly URL history accessible to unauthorized users

Description

The Friendly URL module in Liferay Portal 7.4.3.5 through 7.4.3.36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page.

Severity

5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Version(s)

  • Liferay Portal 7.4.3.5 - 7.4.3.36

Fixed Version(s)

Acknowledgments

This issue was reported by 4rth4s

Publication date: Wed, 19 Oct 2022 06:24:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have only been listed here since 2023. Historical advisories are available in the Help Center.