Vulnerability Description
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36, does not check permissions before allowing a user to export web content for translation, allowing attackers to download a web content page's XLIFF translation file via a crafted URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | DXP | 7.4 |
| Liferay | Liferay Portal | >= 7.4.3.12, <= 7.4.3.36 |
Related Weaknesses (CWE)
References
- http://liferay.com (Product)
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishe (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-38512?
CVE-2022-38512 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36, does not check permissions before allowing a user to export web content for translation,...
How severe is CVE-2022-38512?
CVE-2022-38512 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-38512?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay DXP, Liferay Portal.