Liferay Portal 7.2.0 up to and including 7.3.2, and Liferay DXP 7.2 before fix pack 9, allow access to cross-origin resource sharing (CORS) protected resources when the user is authenticated only by portal session authentication, which allows remote malicious users to obtain sensitive information, including the targeted user’s email address and current CSRF token.
Vulnerable Product |
---|
liferay dxp 7.2 |
liferay liferay portal |