Lucene search

[email protected]NVD:CVE-2022-42123

HistoryNov 15, 2022 - 1:15 a.m.

CVE-2022-42123

2022-11-1501:15:13

CWE-22

[email protected]

web.nvd.nist.gov

elasticsearch

zip slip

liferay portal

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.1%

JSON

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.

Affected configurations

NVD

Node

liferaydigital_experience_platformMatch7.3-

liferaydigital_experience_platformMatch7.4-

liferayliferay_portalRange7.3.3–7.4.3.19

References

liferay.com

issues.liferay.com/browse/LPE-17518

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for NVD:CVE-2022-42123

github1 cve1 osv3 cvelist1 prion1