com.liferay.portal.store.s3 is vulnerable to information disclosure. The S3 store’s proxy password is not obfuscated, allowing attackers to steal the password via man-in-the-middle attacks or shoulder surfing.
CPE | Name | Operator | Version |
---|---|---|---|
com.liferay.portal.store.s3 | le | 4.0.31 | |
com.liferay.portal.store.s3 | le | 3.0.48 | |
com.liferay.portal.store.s3 | le | 2.0.47 |