Description
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36 does not properly check user permission, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.
Severity
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Version(s)
- Liferay Portal 7.4.3.5 - 7.4.3.36
Fixed Version(s)
Acknowledgments
This issue was reported by 4rth4s
Publication date: Wed, 19 Oct 2022 06:24:00 +0000