Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-38512

Good to know:

icon

Date: September 21, 2022

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

Language: Java

Severity Score

Related Resources (9)

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512
https://liferay.atlassian.net/browse/LPE-17610
https://github.com/liferay/liferay-portal
https://github.com/liferay/liferay-portal/commit/1934094578ddcd2c1f3d37593b493d3991a6a20f
https://github.com/liferay/liferay-portal/commit/48fd5698fc1935a90e9c5013c328dbc369ba353d
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-38512?p_r_p_assetEntryId=121612585&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612585%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
https://nvd.nist.gov/vuln/detail/CVE-2022-38512
http://liferay.com
https://www.mend.io/vulnerability-database/CVE-2022-38512

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Missing Authorization

CWE-862

Top Fix

icon

Upgrade Version

Upgrade to version com.liferay:com.liferay.translation.web:2.0.58;com.liferay.portal:release.dxp.bom:7.4.13.u37

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us