CVE-2022-45320 – com.liferay.portal:release.portal.bom

Package

Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=0 <7.4.3.16

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00526 pctl0.66081

Details

Privilege escalation in Liferay Portal Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

Metadata

Created: 2024-02-20T06:30:29Z
Modified: 2025-03-31T13:33:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-mc8m-4r3w-q2hw/GHSA-mc8m-4r3w-q2hw.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-mc8m-4r3w-q2hw
Finding: F159
Auto approve: 1