GHSA-fvp7-jj9m-3qpf

Опубликовано: 10 сент. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.2

Описание

Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data

An Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entry information via the API Builder.

Ссылки

Пакеты

Наименование

com.liferay:com.liferay.headless.builder.impl

maven

Затронутые версииВерсия исправления

< 1.0.32

1.0.32

EPSS

Процентиль: 11%

0.00038

Низкий

6.2 Medium

CVSS4

CVE ID

CVE-2025-43784

Дефекты

CWE-863

Связанные уязвимости

CVE-2025-43784

CVSS3: 6.5

nvd

5 месяцев назад

Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the API Builder.

EPSS

Процентиль: 11%

0.00038

Низкий

6.2 Medium

CVSS4

CVE ID

CVE-2025-43784

Дефекты

CWE-863