The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-20T08:51:32.953Z
Updated: 2024-08-01T23:44:09.695Z
Reserved: 2024-02-08T13:57:11.425Z
Link: CVE-2024-25605
Vulnrichment
Updated: 2024-08-01T23:44:09.695Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T09:15:09.323
Modified: 2024-02-20T19:50:53.960
Link: CVE-2024-25605
Redhat
No data.