The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-15T00:00:00
Updated: 2024-08-03T13:03:44.987Z
Reserved: 2022-10-03T00:00:00
Link: CVE-2022-42128
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-11-15T01:15:13.430
Modified: 2022-11-18T17:01:16.393
Link: CVE-2022-42128
Redhat
No data.