138 matches found
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
Design/Logic Flaw
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
CVE-2022-42128
CVE-2022-42128 affects Liferay Portal 7.4.1–7.4.3.4 and Liferay DXP 7.4 GA. The Hypermedia REST APIs module fails to properly enforce permissions, allowing remote attackers to obtain a WikiNode object through WikiNodeResource.getSiteWikiNodeByExternalReferenceCode. Impact is information disclosur...
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
JSON Web Token (JWT) Weaknesses
JSON Web Tokens, or JWTs, are an encoded set of claims commonly seen in REST APIs and Single page web applications SPAs. These encoded claims are used to provide identification of the requester and other information related to accessing. It is a stateless mechanism, and the token is sent with eve...
GHSA-5J86-VMPX-42PC Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
Path traversal
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
CVE-2022-28981 is a path traversal vulnerability in the Hypermedia REST APIs module of Liferay Portal 7.4.0–7.4.2. The issue allows remote attackers to access files outside com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter. Impact is file disclosure; CVSS v3.1 base...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
PT-2022-19341 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.2 Description: A path traversal issue in the Hypermedia REST APIs module allows remote attackers to access files outside of the intended directory via the parameter parameter. This could potentially...
Deserialization Of Untrusted Data
Apache Geode is vulnerable to deserialization of untrusted data. The vulnerability exists because the process-wide serialization filters are not properly configured on REST APIs which allows an attacker to inject and execute arbitrary code through the untrusted data...
This Week in Spring - June 7th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. Im so excited to be here, at long last, after so long away from one of my favorite countries. Ill be doing two talks - my usual, Kubernetes...
Mitmproxy2Swagger - Automagically Reverse-Engineer REST APIs Via Capturing Traffic
A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic. Installation First you will need python3 and pip3. $ pip install mitmproxy2swagger ... or ... ...
Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...