4 matches found
Liferay Portal 7.4.3.4 < 7.4.3.49 Authentication Bypass
The Object module in Liferay Portal and Liferay DXP does not properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via the OAuth 2 scope administration page. Note that Nessus has not tested...
CVE-2023-33946
creationtimestamp | type | source
---|---|---
2023-05-24 20:27:17+00:00 | seen | https://t.me/cibsecurity/64696...
CVE-2023-33946
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49, does not properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope...
CVE-2023-33946
Summary: CVE-2023-33946 affects Liferay Portal 7.4.3.4–7.4.3.48 and Liferay DXP 7.4 before update 49, where the Object module fails to properly isolate objects across different virtual instances. This allows remote authenticated users in one instance to view objects in another via the OAuth 2 sco...