CVE-2022-42130

Incorrect Default Permissions in maven/com.liferay.portal/release.portal.bom

Identifiers

GHSA-mxvq-cv4x-p3jw, CVE-2022-42130

Package Slug

maven/com.liferay.portal/release.portal.bom

Vulnerability

Incorrect Default Permissions

Description

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.

Affected Versions

All versions starting from 7.1.0 before 7.4.3.5

Solution

Upgrade to version 7.4.3.5 or above.

Last Modified

2022-11-22

source