Lucene search
PRIOn knowledge basePRION:CVE-2022-42123HistoryNov 15, 2022 - 1:15 a.m.
Design/Logic Flaw
2022-11-1501:15:00
PRIOn knowledge base
www.prio-n.com
4
zip slip
elasticsearch connector
liferay portal
filesystem
vulnerability
malicious plugin
0.001 Low
EPSS
Percentile
45.1%
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| digital_experience_platform | eq | 7.3 | |
| digital_experience_platform | eq | 7.4 | |
| liferay_portal | ge | 7.3.3 | |
| liferay_portal | lt | 7.4.3.19 |
Related
github
github
Path Traversal in Liferay Portal
2022-11-15 12:00:16
cve
cve
CVE-2022-42123
2022-11-15 01:15:13
osv
osv
Path Traversal in Liferay Portal
2022-11-15 12:00:16
BIT-liferay-2022-42123
2024-01-31 15:20:43
CVE-2022-42123
2022-11-15 01:15:13
cvelist
cvelist
CVE-2022-42123
2022-11-15 00:00:00
nvd
nvd
CVE-2022-42123
2022-11-15 01:15:13