CST-6238 Remote file disclosure with DDM templates

Description

Remote file disclosure vulnerability in DDM templates in Liferay Portal 6.2.5 and earlier allows remote authenticated users with permission create/edit templates to view any files that are readable by the portal JVM process.

Severity

Severity 1

Fixed Version(s)

Publication date: Mon, 02 Mar 2020 07:21:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.