<p>Upgrade <code>com.liferay.portal:com.liferay.portal.impl</code> to version 6.05 or higher.</p>

Access Restriction Bypass Affecting com.liferay.portal:com.liferay.portal.impl package, versions [,6.05)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.08% (35^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-COMLIFERAYPORTAL-2767966
published 20 Apr 2022
disclosed 20 Apr 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 Apr 2022

CVE-2022-26595 Open this link in a new tab CWE-284 Open this link in a new tab

How to fix?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 6.05 or higher.

Overview

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Access Restriction Bypass by not properly checking user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.