CVE-2022-42129

MEDIUM4.3EPSS 0.19%

Authorization Bypass in Liferay Portal

發布日:2022/11/15修改日:2024/2/19

描述

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.

受影響套件(2)

Bitnami/liferay>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0
Maven/com.liferay.portal:release.portal.bom>= 7.3.2, < 7.4.3.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-42129
WEBhttp://liferay.com
WEBhttps://issues.liferay.com/browse/LPE-17448
WEBhttps://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129