PT-2022-26273 · Liferay · Liferay Portal+2
4Rth4S · Published 2022-11-15 · Updated 2025-04-30 · CVE-2022-42127
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions 7.4.3.5 through 7.4.3.36
Liferay DXP 7.4 update 1 through 36
Description
The issue concerns the Friendly URL module, which does not properly check user permissions. This allows remote attackers to obtain the history of all friendly URLs assigned to a page.
Recommendations
For Liferay Portal versions 7.4.3.5 through 7.4.3.36, consider restricting access to the Friendly URL module until a patch is available.
For Liferay DXP 7.4 update 1 through 36, consider disabling the Friendly URL module as a temporary workaround to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Incorrect Default Permissions
Affected Products
Friendly URL Module
Liferay DXP
Liferay Portal