Description

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.

Remediation

References

CVE-2022-42123

Related Vulnerabilities

WordPress Plugin Custom Website Data Cross-Site Request Forgery (1.2)

IBM WebSEAL Other Vulnerability (CVE-2023-30998)

WordPress Plugin WooCommerce EnvioPack Cross-Site Scripting (1.2)

Oracle Database Server CVE-2012-1747 Vulnerability (CVE-2012-1747)

Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-40898)

Severity

High

Classification

CVE-2022-42123 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities