CVE-2024-25605

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.

Related Vulnerabilities

CVE-2017-1000089

MEDIUM
CVSS:5.3(Medium)

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the b...

CWE-2762017

CVE-2018-12160

MEDIUM
CVSS:5.3(Medium)

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe...

CWE-2762018

CVE-2019-14861

MEDIUM
CVSS:5.3(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS recor...

CWE-2762019

CVE-2019-18366

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CWE-2762019

CVE-2019-18367

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CWE-2762019

CVE-2019-18369

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CWE-2762019