CVE-2022-42126

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.5 through 7.4.3.28 Liferay DXP 7.3 before update 8 Liferay DXP 7.4 before update 29

Description The Asset Libraries module does not properly check permissions of asset libraries, allowing remote authenticated users to view asset libraries via the UI.

Recommendations For Liferay Portal versions 7.3.5 through 7.4.3.28, update to a version after 7.4.3.28 to resolve the issue. For Liferay DXP 7.3 before update 8, apply update 8 or later to fix the issue. For Liferay DXP 7.4 before update 29, apply update 29 or later to resolve the issue. As a temporary workaround, consider restricting access to the Asset Libraries module until a patch is available.