Liferay Portal Incorrect Default Permissions Vulnerability - CVE-2022-26595 - Vulnerability Database

Liferay Portal Incorrect Default Permissions Vulnerability - CVE-2022-26595

Medium
Reference: CVE-2022-26595
Title: Liferay Portal Incorrect Default Permissions Vulnerability
Overview:

Liferay Portal 7.3.7 7.4.0 and 7.4.1 and Liferay DXP 7.2 fix pack 13 and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups which allows remote authenticated users to view sites/groups via the user39s site membership assignment UI.