CST-7315 Unauthorized access to staged public pages's sitemap.xml

Description

Liferay Portal before 7.3.3 does not properly restrict access to the sitemap.xml of staged public pages, which allows remote attackers to access sitemap.xml and learn of the existence and count of pages in the staging site. This issue only affects sites where the staging public pages has been assigned a virtual host.

Severity

Severity 2

Fixed Version(s)

Publication date: Mon, 31 Aug 2020 17:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.