CVE-2022-38512

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.12 through 7.4.3.36 Liferay DXP 7.4 update 8 through 36

Description The Translation module does not check permissions before allowing a user to export a web content for translation. This allows attackers to download a web content page's XLIFF translation file via a crafted URL.

Recommendations For Liferay Portal versions 7.4.3.12 through 7.4.3.36, consider restricting access to the Translation module until a patch is available. For Liferay DXP 7.4 update 8 through 36, consider disabling the export functionality for web content translation as a temporary workaround.

Fix

Improper Privilege Management

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-862

Related Identifiers

CVE-2022-38512

GHSA-H9WW-WJG4-JVVG

Affected Products

Liferay Dxp

Liferay Portal

CVE-2022-38512

Weakness Enumeration

Related Identifiers

Affected Products

References · 11