Description
Liferay Portal before 7.3.3 does not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages have been assigned a virtual host.
Severity
Severity 2
Fixed Version(s)
- Liferay Portal 7.3.3
- September 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 31 Aug 2020 17:00:00 +0000