-
Notifications
You must be signed in to change notification settings - Fork 351
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
bbaebb4
commit 9667948
Showing
2 changed files
with
99 additions
and
36 deletions.
There are no files selected for viewing
99 changes: 99 additions & 0 deletions
99
advisories/github-reviewed/2024/02/GHSA-xq4r-4xfh-vch8/GHSA-xq4r-4xfh-vch8.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-xq4r-4xfh-vch8", | ||
| "modified": "2025-01-28T23:15:23Z", | ||
| "published": "2024-02-20T15:31:05Z", | ||
| "aliases": [ | ||
| "CVE-2024-26270" | ||
| ], | ||
| "summary": "Liferay Portal and Liferay DXP vulnerable to theft of hashed password", | ||
| "details": "The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "ecosystem": "Maven", | ||
| "name": "com.liferay.portal:release.portal.bom" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "7.4.3.76" | ||
| }, | ||
| { | ||
| "fixed": "7.4.3.100" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Maven", | ||
| "name": "com.liferay.portal:release.dxp.bom" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "2023.Q3" | ||
| }, | ||
| { | ||
| "fixed": "2023.Q3.5" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Maven", | ||
| "name": "com.liferay.portal:release.dxp.bom" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "7.4.0" | ||
| }, | ||
| { | ||
| "last_affected": "7.4.13.u92" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26270" | ||
| }, | ||
| { | ||
| "type": "PACKAGE", | ||
| "url": "https://github.com/liferay/liferay-portal" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-201" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": true, | ||
| "github_reviewed_at": "2025-01-28T23:15:23Z", | ||
| "nvd_published_at": "2024-02-20T14:15:09Z" | ||
| } | ||
| } |
36 changes: 0 additions & 36 deletions
36
advisories/unreviewed/2024/02/GHSA-xq4r-4xfh-vch8/GHSA-xq4r-4xfh-vch8.json
This file was deleted.
Oops, something went wrong.