CVE-2020-15840
Description
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property portlet.resource.id.banned.paths.regexp can be bypassed with double-encoded URLs.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.194
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom 7.1.10 | Windows |
| Vulnerabilities CVE-2021-33325,CVE-2021-33333,CVE-2020-15840 are fixed in Liferay - release.dxp.bom 7.0.10 | Windows |
| Vulnerabilities CVE-2021-33325,CVE-2021-33323,CVE-2021-33332,CVE-2020-15840,CVE-2020-13444 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - release.portal.bom 7.3.1 | Windows |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - com.liferay.portal.impl 7.4.0 | Windows |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - com.liferay.portal.impl 7.1.3 | Windows |
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom for Linux 7.1.10 | Linux |
| Vulnerabilities CVE-2021-33325,CVE-2021-33333,CVE-2020-15840 are fixed in Liferay - release.dxp.bom for Linux 7.0.10 | Linux |
| Vulnerabilities CVE-2021-33325,CVE-2021-33323,CVE-2021-33332,CVE-2020-15840,CVE-2020-13444 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - release.portal.bom for Linux 7.3.1 | Linux |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - com.liferay.portal.impl for Linux 7.4.0 | Linux |
| Vulnerabilities CVE-2020-15840 are fixed in Liferay - com.liferay.portal.impl for Linux 7.1.3 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234