CVE-2022-42127

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.

Related Vulnerabilities

CVE-2017-1000089

MEDIUM
CVSS:5.3(Medium)

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the b...

CWE-2762017

CVE-2018-12160

MEDIUM
CVSS:5.3(Medium)

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe...

CWE-2762018

CVE-2019-14861

MEDIUM
CVSS:5.3(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS recor...

CWE-2762019

CVE-2019-18366

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CWE-2762019

CVE-2019-18367

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CWE-2762019

CVE-2019-18369

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CWE-2762019