First published: Thu Sep 22 2022
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36 and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export web content for translation, which lets attackers download a web content page's XLIFF translation file via a crafted URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.4-update_10 | |
Liferay DXP | =7.4-update_11 | |
Liferay DXP | =7.4-update_12 | |
Liferay DXP | =7.4-update_13 | |
Liferay DXP | =7.4-update_14 | |
Liferay DXP | =7.4-update_15 | |
Liferay DXP | =7.4-update_16 | |
Liferay DXP | =7.4-update_17 | |
Liferay DXP | =7.4-update_18 | |
Liferay DXP | =7.4-update_19 | |
Liferay DXP | =7.4-update_20 | |
Liferay DXP | =7.4-update_21 | |
Liferay DXP | =7.4-update_22 | |
Liferay DXP | =7.4-update_23 | |
Liferay DXP | =7.4-update_24 | |
Liferay DXP | =7.4-update_25 | |
Liferay DXP | =7.4-update_26 | |
Liferay DXP | =7.4-update_27 | |
Liferay DXP | =7.4-update_28 | |
Liferay DXP | =7.4-update_29 | |
Liferay DXP | =7.4-update_3 | |
Liferay DXP | =7.4-update_30 | |
Liferay DXP | =7.4-update_31 | |
Liferay DXP | =7.4-update_32 | |
Liferay DXP | =7.4-update_33 | |
Liferay DXP | =7.4-update_34 | |
Liferay DXP | =7.4-update_35 | |
Liferay DXP | =7.4-update_36 | |
Liferay DXP | =7.4-update_8 | |
Liferay DXP | =7.4-update_9 | |
Liferay Portal | >=7.4.3.12 <=7.4.3.36 | |
CVE-2022-38512 is a vulnerability in the Translation module of Liferay Portal and Liferay DXP that allows attackers to download a web content page's XLIFF translation file via a crafted URL.
CVE-2022-38512 has a severity score of 6.5, which is classified as medium severity.
CVE-2022-38512 affects Liferay Portal v7.4.3.12 through v7.4.3.36 and Liferay DXP 7.4 update 8 through 36.
To fix CVE-2022-38512, it is recommended to upgrade Liferay Portal or Liferay DXP to a version beyond the affected range.
More information about CVE-2022-38512 can be found on the Liferay website and the Liferay portal.dev documentation.