Liferay DXP Incorrect Authorization Vulnerability - CVE-2024-25149
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions, do not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not members of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
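
A post-upgrade audit for the condition described above, as an added example that is not Liferay code. It assumes the site hierarchy and memberships have been exported into the hypothetical `Site` records shown; all names and sample data are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Site:
    # Hypothetical export record, not a Liferay API type.
    name: str
    parent: Optional[str] = None
    limit_to_parent_members: bool = False  # the option named in the advisory
    members: set = field(default_factory=set)


def find_violations(sites):
    """Return sorted (child_site, user) pairs where the restriction is
    enabled on the child but the user is not a member of its parent."""
    by_name = {s.name: s for s in sites}
    violations = []
    for site in sites:
        # Only child sites with the restriction enabled are in scope.
        if site.parent is None or not site.limit_to_parent_members:
            continue
        parent = by_name.get(site.parent)
        if parent is None:
            # Parent missing from the export: cannot judge, skip it.
            continue
        for user in site.members - parent.members:
            violations.append((site.name, user))
    return sorted(violations)


# Constructed sample data.
SAMPLE = [
    Site("Corp", members={"alice", "bob"}),
    # Restriction enabled: "mallory" is not in Corp, so this is a finding.
    Site("Corp-HR", parent="Corp", limit_to_parent_members=True,
         members={"alice", "mallory"}),
    # Restriction disabled: non-parent members are allowed here.
    Site("Corp-Wiki", parent="Corp", limit_to_parent_members=False,
         members={"bob", "carol"}),
]

if __name__ == "__main__":
    for child, user in find_violations(SAMPLE):
        print(f"{user} is in {child} but not in its parent site")
```

Each reported pair is a membership to review, along with the roles and permissions that user holds in the child site.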