fkie_nvd - fkie_cve-2022-38512

fkie_cve-2022-38512

Vulnerability from fkie_nvd

Published

2022-09-22 01:15

Modified

2024-11-21 07:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

References

URL	Tags
cve@mitre.org	http://liferay.com	Product
cve@mitre.org	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://liferay.com	Product
af854a3a-2127-422b-91ae-364da2661108	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	dxp	7.4
liferay	liferay_portal	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "3B8C3B3F-1BBB-47A5-A789-B207B6346FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "AD5D1171-954A-4E75-813D-E8392CFE4029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "F148098A-D867-4C8B-9632-6B7F24D50C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "8A112ED2-27C2-45E3-8FA0-6043F7D3BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "0744AC04-9663-4DA1-9657-EC5BF0C68499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "5703FE2B-011A-4A40-AB67-B989438F2183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "41A54448-B1AB-4E92-8523-5D4A46A83533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "A96A2A4A-3EB3-4074-A846-EC6EECC04B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "56DAE678-10B9-419D-9F5D-96E3AC3A6E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:*",
              "matchCriteriaId": "064F4C28-B1F5-44C2-91AA-A09FD56EC0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:*",
              "matchCriteriaId": "814D0CE3-B89F-423C-B1E3-47BD0A474491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:*",
              "matchCriteriaId": "58DB7C5A-B4E3-410A-B491-3F322B340BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:*",
              "matchCriteriaId": "86B581B6-02B0-40B9-BB5C-E28FC51042DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:*",
              "matchCriteriaId": "E7EFBC14-6785-4435-BA96-D77A857BC1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:*",
              "matchCriteriaId": "585635F8-53DC-4F64-BF6B-C6F72A5F4D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_25:*:*:*:*:*:*",
              "matchCriteriaId": "355DD7FC-E9C7-43D6-8313-0474AB314F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_26:*:*:*:*:*:*",
              "matchCriteriaId": "B0FDE8B1-444A-4FEB-AC97-4B29C914EB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_27:*:*:*:*:*:*",
              "matchCriteriaId": "683D063A-0E32-4E2D-8CBF-A57F45071F6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_28:*:*:*:*:*:*",
              "matchCriteriaId": "7DFEBCAB-1D9B-4BED-A2C6-11BA863F1EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_29:*:*:*:*:*:*",
              "matchCriteriaId": "DB8733C4-8CE4-4E4B-A2AE-919AA69DAF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "25F5C3E9-CBB0-4114-91A4-41F0E666026A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:*",
              "matchCriteriaId": "D372D9B9-5A83-4FF8-8DE5-617D99D1A8B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:*",
              "matchCriteriaId": "7519ABB1-57A7-46F1-97FC-DD44787F2B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:*",
              "matchCriteriaId": "87BD916B-245C-4D62-B595-1985784C2ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:*",
              "matchCriteriaId": "841E15A8-0819-4E48-B7E3-3ACCB4C1F43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:*",
              "matchCriteriaId": "91A243D9-7633-4836-B72D-75EF6C0F8876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_35:*:*:*:*:*:*",
              "matchCriteriaId": "6E2B1876-78B1-407A-9392-94FFF33AC803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_36:*:*:*:*:*:*",
              "matchCriteriaId": "4C6BBDC0-9D68-4653-9177-E49B847B04ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "65693260-5B0F-47AA-BF08-D2979997A40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "C9116909-04C3-4040-B945-4A6225425520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A78EE0-809C-4D58-9778-296ACB01C1EF",
              "versionEndIncluding": "7.4.3.36",
              "versionStartIncluding": "7.4.3.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page\u0027s XLIFF translation file via crafted URL."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de traducci\u00f3n de Liferay Portal versiones v7.4.3.12 hasta v7.4.3.36, y Liferay DXP versiones 7.4 update 8 hasta 36, no comprueba los permisos antes de permitir a un usuario exportar un contenido web para su traducci\u00f3n, permitiendo a atacantes descargar el archivo de traducci\u00f3n XLIFF de una p\u00e1gina de contenido web por medio de una URL dise\u00f1ada"
    }
  ],
  "id": "CVE-2022-38512",
  "lastModified": "2024-11-21T07:16:36.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-22T01:15:11.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://liferay.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://liferay.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2022-38512

Vulnerability from cvelistv5

Published

2022-09-22 00:17

Modified

2024-08-03 10:54