Lucene search
PRIOn knowledge basePRION:CVE-2023-33946HistoryMay 24, 2023 - 4:15 p.m.
Design/Logic Flaw
2023-05-2416:15:00
PRIOn knowledge base
www.prio-n.com
5
design/logic flaw
object module
liferay portal
remote authenticated users
virtual instances
oauth 2
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.
Related
osv
osv
Liferay portal unauthorized access to objects via OAuth 2 scope
2023-05-24 18:30:26
BIT-liferay-2023-33946
2024-01-31 15:17:53
CVE-2023-33946
2023-05-24 16:15:09
veracode
veracode
Improper Access Control
2023-06-15 04:48:41
github
github
Liferay portal unauthorized access to objects via OAuth 2 scope
2023-05-24 18:30:26
nvd
nvd
CVE-2023-33946
2023-05-24 16:15:09
cvelist
cvelist
CVE-2023-33946
2023-05-24 15:28:28
cve
cve
CVE-2023-33946
2023-05-24 16:15:09
nessus
nessus
Liferay Portal 7.4.3.4 < 7.4.3.49 Authentication Bypass
2023-05-29 00:00:00