GHSA-wgqm-qp44-cg6x, CVE-2022-42128
maven/com.liferay.portal/release.portal.bom
Incorrect Default Permissions
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
All versions starting from 7.4.1 up to 7.4.3.4
Upgrade to version 7.4.3.5 or above.
2022-11-22
source |