CVE-2022-42129

Authorization Bypass Through User-Controlled Key in maven/com.liferay.portal/release.portal.bom

Identifiers

GHSA-g6x4-57hp-j4xm, CVE-2022-42129

Package Slug

maven/com.liferay.portal/release.portal.bom

Vulnerability

Authorization Bypass Through User-Controlled Key

Description

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter.

Affected Versions

All versions starting from 7.3.2 before 7.4.3.5

Solution

Upgrade to version 7.4.3.5 or above.

Last Modified

2022-11-22

source