PT-2023-24782 · Liferay · Liferay Dxp+1

4Rth4S · Published 2023-08-02 · Updated 2026-01-30 · CVE-2023-3426

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.4.3.81 through 7.4.3.85
Liferay DXP 7.4 update 81 through 85

Description

The organization selector does not check user permission, allowing remote authenticated users to obtain a list of all organizations.

Recommendations

For Liferay Portal versions 7.4.3.81 through 7.4.3.85, consider restricting access to the organization selector until a patch is available.
For Liferay DXP 7.4 update 81 through 85, consider restricting access to the organization selector until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Weakness Enumeration

Related Identifiers

BIT-LIFERAY-2023-3426
CVE-2023-3426
GHSA-XPH3-VJCQ-G488

Affected Products

Liferay Dxp
Liferay Portal