CVE-2022-45320

MEDIUM6.3EPSS 0.36%

Privilege escalation in Liferay Portal

發布日:2024/2/20修改日:2025/3/31

描述

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

受影響套件(1)

Maven/com.liferay.portal:release.portal.bomfrom 0, < 7.4.3.16

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-45320
PATCHhttps://github.com/liferay/liferay-portal
WEBhttps://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16
WEBhttps://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320