CVE-2022-26595

Опубликовано: 19 апр. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.

Ссылки

http://liferay.com
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26595-unauthorized-access-to-site-group-list
Vendor Advisory
http://liferay.com
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26595-unauthorized-access-to-site-group-list
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:7.3.7:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:7.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-822f-jfpg-hg7h