CVE-2022-26595
published 2022-04-19CVE-2022-26595: Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | liferay_portal | — | — |
| liferay | liferay_portal | — | — |
| liferay | liferay_portal | — | — |