Authorization Bypass

2020-09-2503:54:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

47.1%

JSON

portal-impl is vulnerable to authorization bypass. The property portlet.resource.id.banned.paths.regexp can be bypassed with doubled encoded URLs.

CPENameOperatorVersion
liferay portal implle7.0.0-nightly
liferay portal implle3.52.5
liferay portal implle4.22.7
liferay portal implle2.68.5
liferay portal implle5.10.4

Name	Operator	Version
liferay portal impl	le	7.0.0-nightly
liferay portal impl	le	3.52.5
liferay portal impl	le	4.22.7
liferay portal impl	le	2.68.5
liferay portal impl	le	5.10.4

References

github.com/community-security-team/liferay-portal/commit/9dc1141fcde16cfb6819943aedebbb5113d09de2

github.com/community-security-team/liferay-portal/commit/af5048f91a569026aba6037846b6322d56c4dc74

issues.liferay.com/browse/LPE-17046

portal.liferay.dev/learn/security/known-vulnerabilities

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for VERACODE:27248