Lucene search
GoogleOSV:GHSA-W6F8-MXF5-4VF8HistoryMay 24, 2023 - 6:30 p.m.
Missing authorization in Liferay portal
2023-05-2418:30:26
Google
osv.dev
7
missing authorization
dynamic data mapping
liferay portal 7.4.3.67
liferay dxp 7.4 update 67
remote attackers
0.001 Low
EPSS
Percentile
40.3%
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.liferay.portal:release.portal.bom | eq | 7.4.3.67 |
Related
veracode
veracode
Missing Authorization
2023-06-14 04:10:17
osv
osv
CVE-2023-33948
2023-05-24 16:15:10
BIT-liferay-2023-33948
2024-01-31 15:17:37
github
github
Missing authorization in Liferay portal
2023-05-24 18:30:26
nessus
nessus
Liferay Portal 7.4.3.67 < 7.4.3.68 Authentication Bypass
2023-05-29 00:00:00
prion
prion
Design/Logic Flaw
2023-05-24 16:15:00
cvelist
cvelist
CVE-2023-33948
2023-05-24 15:42:39
cve
cve
CVE-2023-33948
2023-05-24 16:15:10