Veracode Vulnerability Database: VERACODE:45425
History: Feb 09, 2024 - 9:19 a.m.

Sensitive Information Exposure

2024-02-09 09:19:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
sensitive information exposure
url parameter leakage
wysiwyg editor
remote user impersonation

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 19.5%)

Liferay Portal is vulnerable to Sensitive Information Exposure. The vulnerability is due to the doAsUserId URL parameter being leaked when creating linked content using the WYSIWYG editor while impersonating a user. This can potentially allow remote authenticated users to impersonate another user after accessing the linked content.
