CVE-2022-42128

Incorrect Default Permissions in maven/com.liferay.portal/release.portal.bom

Identifiers

GHSA-wgqm-qp44-cg6x, CVE-2022-42128

Package Slug

maven/com.liferay.portal/release.portal.bom

Vulnerability

Incorrect Default Permissions

Description

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.

Affected Versions

All versions starting from 7.4.1 up to 7.4.3.4

Solution

Upgrade to version 7.4.3.5 or above.

Last Modified

2022-11-22

source