Description
Liferay Portal 7.1.0 and earlier is vulnerable to Server-Side Request Forgery (SSRF) via Web Content templates and Application Display Templates (ADT), which may allow an attacker to access sensitive information.
Workaround: Ensure only trusted individuals have permission to add and edit Web Content templates and Application Display Templates.
Severity
Severity 2
Fixed Version(s)
- Liferay Portal 7.1.1
- March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page.
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 12 Nov 2018 09:39:00 +0000