The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-08-02T09:40:28.090Z
Updated: 2024-08-02T06:55:03.498Z
Reserved: 2023-06-27T05:43:01.235Z
Link: CVE-2023-3426
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-02T10:15:09.887
Modified: 2023-08-05T03:45:57.627
Link: CVE-2023-3426
Redhat
No data.