LPS-48763 Guest users can obtain list of sites and workflow definition

Description

This fix addresses two vulnerabilities which allow a guest user to obtain a list of the sites and workflow definition in the portal by manipulating the URL. The user can only view the name of the site and workflow definition. The user cannot make any changes the the site and workflow definition.

Severity

Severity 2

Fixed Version(s)

6.2.1-ce-ga2-security-3.0 patch (source)

Publication date: Tue, 29 Jul 2014 20:22:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.

Known Vulnerabilities

Releases

Description

Severity

Fixed Version(s)