VYPR
Moderate severityNVD Advisory· Published Feb 20, 2024· Updated Apr 24, 2025

CVE-2024-25605

CVE-2024-25605

Description

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.liferay.portal:release.portal.bomMaven
>= 7.2.0, < 7.4.3.5-ga57.4.3.5-ga5
com.liferay.portal:release.dxp.bomMaven
< 7.2.10.fp177.2.10.fp17

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.