Liferay Portal Incorrect Default Permissions Vulnerability - CVE-2022-26595
Reference:
CVE-2022-26595
Title:
Liferay Portal Incorrect Default Permissions Vulnerability
Overview:
Liferay Portal 7.3.7 7.4.0 and 7.4.1 and Liferay DXP 7.2 fix pack 13 and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups which allows remote authenticated users to view sites/groups via the user39s site membership assignment UI.