CVE-2022-42129

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:24

Type Values Removed Values Added
References () http://liferay.com - Vendor Advisory () http://liferay.com - Vendor Advisory
References () https://issues.liferay.com/browse/LPE-17448 - Vendor Advisory () https://issues.liferay.com/browse/LPE-17448 - Vendor Advisory
References () https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129 - Vendor Advisory () https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129 - Vendor Advisory

Information

Published : 2022-11-15 02:15

Updated : 2025-04-30 19:15


NVD link : CVE-2022-42129

Mitre link : CVE-2022-42129

CVE.ORG link : CVE-2022-42129


JSON object : View

Products Affected

liferay

  • liferay_portal
  • digital_experience_platform
CWE
CWE-639

Authorization Bypass Through User-Controlled Key