WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay DXP CVE-2022-42126 Vulnerability (CVE-2022-42126)

Description

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Remediation

References

Related Vulnerabilities

WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)

WordPress Plugin MoodThingy Mood Rating Widget SQL Injection (0.9.1)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2023-31122)

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32674)

Severity

Medium

Classification

CVE-2022-42126 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities