CST-7301 DDMDataProvider API leaks REST data provider password

Description

Liferay Portal 7.x before 7.3.2, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.

Severity

Severity 1

Fixed Version(s)

Notes

CVE-2020-13444 has been assigned to this vulnerability.

Publication date: Tue, 09 Jun 2020 02:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.