2024-04-04 08:46:00 +00:00


{
"id": "CVE-2022-42126",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-15T01:15:13.267",
"lastModified": "2022-11-18T16:55:33.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI."
},
{
"lang": "es",
"value": "El m\u00f3dulo Asset Libraries en Liferay Portal 7.3.5 a 7.4.3.28, y Liferay DXP 7.3 antes de la actualizaci\u00f3n 8, y DXP 7.4 antes de la actualizaci\u00f3n 29 no verifica correctamente los permisos de las librer\u00edas de activos, lo que permite a los usuarios remotos autenticados ver las librer\u00edas de activos a trav\u00e9s de la interfaz de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "6F6A98ED-E694-4F39-95D0-C152BD1EC115"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
"matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.5",
"versionEndExcluding": "7.4.3.29",
"matchCriteriaId": "7B67012C-9345-40B8-9FB4-CF7AF5116420"
}
]
}
]
}
],
"references": [
{
"url": "http://liferay.com",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://issues.liferay.com/browse/LPE-17593",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}