CST-7106 SSRF vulnerability via templates

Description

Liferay Portal 7.1.0 and earlier is vulnerable to a Server-Side Request Forgery (SSRF) via Web Content templates and Application Display Templates (ADT) which may allow an attacker access to sensitive information.

Workaround: Ensure only trusted individuals have permission to add and edit Web Content templates and Application Display Templates.

Severity

Severity 2

Fixed Version(s)

Publication date: Mon, 12 Nov 2018 09:39:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.