CVE-2025-43732
Description
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 are vulnerable to Insecure Direct Object Reference (IDOR) through the groupId parameter of the Roles Selector portlet (_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId). When an organization administrator changes the value of this parameter, they can gain unauthorized access to user lists from other organizations. The fix commits listed under Patches add a check that the requester holds the ASSIGN_USER_ROLES permission on the requested group before the user search is built.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay:com.liferay.roles.selector.web (Maven) | < 5.0.32 | 5.0.32 |
Affected products
2- Liferay/DXPv5Range: 7.4.13
Patches
33 files changed · +80 −84
modules/apps/roles/roles-selector-web/src/main/java/com/liferay/roles/selector/web/internal/display/context/EditRolesUsersDisplayContext.java+76 −79 modified@@ -50,89 +50,86 @@ public EditRolesUsersDisplayContext( } public SearchContainer<User> getSearchContainer() throws PortalException { - if (_userSearch != null) { - return _userSearch; - } - - if (GroupPermissionUtil.contains( + if ((_userSearch != null) || + !GroupPermissionUtil.contains( _themeDisplay.getPermissionChecker(), _getGroupId(), ActionKeys.ASSIGN_USER_ROLES)) { - _userSearch = new UserSearch( - _renderRequest, - (PortletURL)_httpServletRequest.getAttribute( - "edit_roles.jsp-portletURL")); - - UserSearchTerms searchTerms = - (UserSearchTerms)_userSearch.getSearchTerms(); - - LinkedHashMap<String, Object> userParams = - LinkedHashMapBuilder.<String, Object>put( - "inherit", Boolean.TRUE - ).put( - "usersGroups", Long.valueOf(_getGroupId()) - ).put( - "userGroupRole", - () -> { - if (Objects.equals( - _httpServletRequest.getAttribute( - "edit_roles.jsp-tabs1"), - "current")) { - - return new Long[] { - Long.valueOf(_getGroupId()), - Long.valueOf(_getRoleId()) - }; - } - - return null; + return _userSearch; + } + + _userSearch = new UserSearch( + _renderRequest, + (PortletURL)_httpServletRequest.getAttribute( + "edit_roles.jsp-portletURL")); + + UserSearchTerms searchTerms = + (UserSearchTerms)_userSearch.getSearchTerms(); + + LinkedHashMap<String, Object> userParams = + LinkedHashMapBuilder.<String, Object>put( + "inherit", Boolean.TRUE + ).put( + "usersGroups", Long.valueOf(_getGroupId()) + ).put( + "userGroupRole", + () -> { + if (Objects.equals( + _httpServletRequest.getAttribute( + "edit_roles.jsp-tabs1"), + "current")) { + + return new Long[] { + Long.valueOf(_getGroupId()), + Long.valueOf(_getRoleId()) + }; } - ).build(); - - if (searchTerms.isAdvancedSearch()) { - _userSearch.setResultsAndTotal( - () -> UserLocalServiceUtil.search( - _themeDisplay.getCompanyId(), - searchTerms.getFirstName(), 
searchTerms.getMiddleName(), - searchTerms.getLastName(), searchTerms.getScreenName(), - searchTerms.getEmailAddress(), searchTerms.getStatus(), - userParams, searchTerms.isAndOperator(), - _userSearch.getStart(), _userSearch.getEnd(), - _userSearch.getOrderByComparator()), - UserLocalServiceUtil.searchCount( - _themeDisplay.getCompanyId(), - searchTerms.getFirstName(), searchTerms.getMiddleName(), - searchTerms.getLastName(), searchTerms.getScreenName(), - searchTerms.getEmailAddress(), searchTerms.getStatus(), - userParams, searchTerms.isAndOperator())); - } - else { - _userSearch.setResultsAndTotal( - () -> UserLocalServiceUtil.search( - _themeDisplay.getCompanyId(), searchTerms.getKeywords(), - searchTerms.getStatus(), userParams, - _userSearch.getStart(), _userSearch.getEnd(), - _userSearch.getOrderByComparator()), - UserLocalServiceUtil.searchCount( - _themeDisplay.getCompanyId(), searchTerms.getKeywords(), - searchTerms.getStatus(), userParams)); - } - - Role role = _getRole(); - - if (role.getType() == RoleConstants.TYPE_SITE) { - _userSearch.setRowChecker( - new UserGroupRoleUserChecker( - _renderResponse, _getGroup(), role)); - } - else { - _userSearch.setRowChecker( - new OrganizationRoleUserChecker( - _renderResponse, - (Organization)_httpServletRequest.getAttribute( - "edit_roles.jsp-organization"), - role)); - } + + return null; + } + ).build(); + + if (searchTerms.isAdvancedSearch()) { + _userSearch.setResultsAndTotal( + () -> UserLocalServiceUtil.search( + _themeDisplay.getCompanyId(), searchTerms.getFirstName(), + searchTerms.getMiddleName(), searchTerms.getLastName(), + searchTerms.getScreenName(), searchTerms.getEmailAddress(), + searchTerms.getStatus(), userParams, + searchTerms.isAndOperator(), _userSearch.getStart(), + _userSearch.getEnd(), _userSearch.getOrderByComparator()), + UserLocalServiceUtil.searchCount( + _themeDisplay.getCompanyId(), searchTerms.getFirstName(), + searchTerms.getMiddleName(), searchTerms.getLastName(), + 
searchTerms.getScreenName(), searchTerms.getEmailAddress(), + searchTerms.getStatus(), userParams, + searchTerms.isAndOperator())); + } + else { + _userSearch.setResultsAndTotal( + () -> UserLocalServiceUtil.search( + _themeDisplay.getCompanyId(), searchTerms.getKeywords(), + searchTerms.getStatus(), userParams, _userSearch.getStart(), + _userSearch.getEnd(), _userSearch.getOrderByComparator()), + UserLocalServiceUtil.searchCount( + _themeDisplay.getCompanyId(), searchTerms.getKeywords(), + searchTerms.getStatus(), userParams)); + } + + Role role = _getRole(); + + if (role.getType() == RoleConstants.TYPE_SITE) { + _userSearch.setRowChecker( + new UserGroupRoleUserChecker( + _renderResponse, _getGroup(), role)); + } + else { + _userSearch.setRowChecker( + new OrganizationRoleUserChecker( + _renderResponse, + (Organization)_httpServletRequest.getAttribute( + "edit_roles.jsp-organization"), + role)); } return _userSearch;
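Review bot: The new guard clause returns `_userSearch` when the `GroupPermissionUtil.contains(...)` check fails, and at that point the field is still null, so an unauthorized request gets a null `SearchContainer` rather than an explicit denial; the wrapped `if` in commit 1ab3de8142d9 has the same outcome. Whether the JSP that calls `getSearchContainer()` tolerates null is not visible in this hunk, so the failure mode (empty list, NullPointerException, error page) is left implicit. Since the method already declares `throws PortalException`, consider failing closed with `GroupPermissionUtil.check(_themeDisplay.getPermissionChecker(), _getGroupId(), ActionKeys.ASSIGN_USER_ROLES);` before the search is built, or keep the null and say so with a comment such as `// Returns null when the caller lacks ASSIGN_USER_ROLES on the requested group`. Folding the cache test and the authorization test into one condition also makes the access decision harder to spot in review, so a separate `if` for the permission check would read better.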
modules/test/playwright/tests/roles-selector-web/rolesSelector.spec.ts+3 −5 modified@@ -66,17 +66,16 @@ test( user2.emailAddress ); - const authToken = await page.evaluate(() => Liferay.authToken); - const portletName = - '_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_'; - const companyId = await page.evaluate(() => { return Liferay.ThemeDisplay.getCompanyId(); }); const org2Group = await apiHelpers.jsonWebServicesGroup.getGroupByKey( companyId, `${org2.name} LFR_ORGANIZATION` ); + const authToken = await page.evaluate(() => Liferay.authToken); + const portletName = + '_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_'; const urlSearchParams = new URLSearchParams(); urlSearchParams.append('p_p_auth', authToken); @@ -113,7 +112,6 @@ test( await ( await usersAndOrganizationsPage.organizationActionsMenu(org1.name) ).click(); - await usersAndOrganizationsPage.assignOrganizationRolesMenuItem.click(); await ( await usersAndOrganizationsPage.assignOrganizationRolesTableRowLink(
test.properties+1 −0 modified@@ -6749,6 +6749,7 @@ portlet-configuration-web,\ product-navigation-user-personal-bar-web,\ roles-admin-web,\ + roles-selector-web,\ users-admin-web um.testing.modules=\
830140e15ccfLPD-54145 - add test
6 files changed · +258 −0
modules/test/playwright/pages/users-admin-web/UsersAndOrganizationsPage.ts+98 −0 modified@@ -40,6 +40,30 @@ export class UsersAndOrganizationsPage { readonly activateButton: Locator; readonly activateUserMenuItem: Locator; readonly applicationsMenuPage: ApplicationsMenuPage; + readonly assignOrganizationRolesIFrame: FrameLocator; + readonly assignOrganizationRolesMenuItem: Locator; + readonly assignOrganizationRolesSearchBarButton: Locator; + readonly assignOrganizationRolesTable: Locator; + readonly assignOrganizationRolesTableRow: ( + colPosition: number, + value: string, + strictEqual?: boolean + ) => Promise<{column: Locator; row: Locator}>; + readonly assignOrganizationRolesTableRowLink: ( + roleName: string + ) => Promise<Locator>; + readonly assignOrganizationRolesUserCell: ( + userName: string + ) => Promise<Locator>; + readonly assignOrganizationRolesUserTable: Locator; + readonly assignOrganizationRolesUserTableCell: ( + userName: string + ) => Promise<Locator>; + readonly assignOrganizationRolesUserTableRow: ( + colPosition: number, + value: string, + strictEqual?: boolean + ) => Promise<{column: Locator; row: Locator}>; readonly assignUsersIFrame: FrameLocator; readonly assignUsersMenuItem: Locator; readonly assignUsersTable: Locator; 
@@ -143,6 +167,80 @@ export class UsersAndOrganizationsPage { name: 'Activate', }); this.applicationsMenuPage = new ApplicationsMenuPage(page); + this.assignOrganizationRolesIFrame = page.frameLocator( + 'iframe[title="Assign Organization Roles"]' + ); + this.assignOrganizationRolesMenuItem = page.getByRole('menuitem', { + name: 'Assign Organization Roles', + }); + this.assignOrganizationRolesSearchBarButton = + this.assignOrganizationRolesIFrame.getByRole('button', { + name: 'Search for', + }); + this.assignOrganizationRolesTable = + this.assignOrganizationRolesIFrame.locator( + '#_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_rolesSearchContainer' + ); + this.assignOrganizationRolesTableRow = async ( + colPosition: number, + value: string, + strictEqual: boolean = false + ) => { + return await searchTableRowByValue( + this.assignOrganizationRolesTable, + colPosition, + value, + strictEqual + ); + }; + this.assignOrganizationRolesTableRowLink = async (roleName: string) => { + const assignOrganizationRolesTableRow = + await this.assignOrganizationRolesTableRow(0, roleName, true); + + if ( + assignOrganizationRolesTableRow && + assignOrganizationRolesTableRow.column + ) { + return assignOrganizationRolesTableRow.column.getByRole( + 'link', + { + name: roleName, + } + ); + } + + throw new Error(`Cannot locate role row with name ${roleName}`); + }; + this.assignOrganizationRolesUserCell = async (userName: string) => { + return page.getByRole('cell', { + exact: true, + name: userName, + }); + }; + this.assignOrganizationRolesUserTable = + this.assignOrganizationRolesIFrame.locator( + '#_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_usersSearchContainer' + ); + this.assignOrganizationRolesUserTableCell = async ( + userName: string + ) => { + return this.assignOrganizationRolesUserTable.getByRole('cell', { + exact: true, + name: userName, + }); + }; + this.assignOrganizationRolesUserTableRow = async ( + colPosition: number, + value: string, + 
strictEqual: boolean = false + ) => { + return await searchTableRowByValue( + this.assignOrganizationRolesUserTable, + colPosition, + value, + strictEqual + ); + }; this.assignUsersIFrame = page.frameLocator('iframe[id="modalIframe"]'); this.assignUsersMenuItem = page.getByRole('menuitem', { name: 'Assign Users',
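Review bot: `assignOrganizationRolesUserCell` resolves against `page`, while the similarly named `assignOrganizationRolesUserTableCell` resolves against the `usersSearchContainer` table inside the `Assign Organization Roles` iframe, and nothing in the class says which one applies where. A page-level locator does not reach into an iframe, so a negative assertion made with the wrong one of the two would pass without checking anything. A comment on the first, for example `// Page-level locator: only valid after navigating directly to the portlet URL, not inside the modal iframe`, would prevent that. Both helpers are also declared `async` although they only return a locator. The constructor body continues outside this hunk.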
modules/test/playwright/playwright.config.ts+2 −0 modified
@@ -108,6 +108,7 @@ import {config as productNavigationUserPersonalBarWebConfig} from './tests/produ
 import {config as questionsWebConfig} from './tests/questions-web/config';
 import {config as redirectWebConfig} from './tests/redirect-web/config';
 import {config as rolesAdminWebConfig} from './tests/roles-admin-web/config';
+import {config as rolesSelectorWebConfig} from './tests/roles-selector-web/config';
 import {config as rssWebConfig} from './tests/rss-web/config';
 import {config as samlWebConfig} from './tests/saml-web/config';
 import {config as scimConfiguraitonWebConfig} from './tests/scim-configuration-web/config';
@@ -252,6 +253,7 @@ export default defineConfig({
 questionsWebConfig,
 redirectWebConfig,
 rolesAdminWebConfig,
+ rolesSelectorWebConfig,
 rssWebConfig,
 samlWebConfig,
 scimConfiguraitonWebConfig,
modules/test/playwright/tests/roles-selector-web/config.ts+12 −0 added
@@ -0,0 +1,12 @@
+/**
+ * SPDX-FileCopyrightText: (c) 2000 Liferay, Inc. https://liferay.com
+ * SPDX-License-Identifier: LGPL-2.1-or-later OR LicenseRef-Liferay-DXP-EULA-2.0.0-2023-06
+ */
+
+export const config = {
+ name: 'roles-selector-web',
+ testDir: 'tests/roles-selector-web',
+ use: {
+ testIdAttribute: 'data-qa-id',
+ },
+};
modules/test/playwright/tests/roles-selector-web/rolesSelector.spec.ts+139 −0 added@@ -0,0 +1,139 @@ +/** + * SPDX-FileCopyrightText: (c) 2024 Liferay, Inc. https://liferay.com + * SPDX-License-Identifier: LGPL-2.1-or-later OR LicenseRef-Liferay-DXP-EULA-2.0.0-2023-06 + */ + +import {expect, mergeTests} from '@playwright/test'; + +import {dataApiHelpersTest} from '../../fixtures/dataApiHelpersTest'; +import {loginTest} from '../../fixtures/loginTest'; +import {rolesPagesTest} from '../../fixtures/rolesPagesTest'; +import {usersAndOrganizationsPagesTest} from '../../fixtures/usersAndOrganizationsPagesTest'; +import {getRandomInt} from '../../utils/getRandomInt'; +import { + performLoginViaApi, + performLogout, + userData, +} from '../../utils/performLogin'; +import {PORTLET_URLS} from '../../utils/portletUrls'; + +export const test = mergeTests( + dataApiHelpersTest, + loginTest(), + rolesPagesTest, + usersAndOrganizationsPagesTest +); + +test( + 'Do not show users list when assigning a role without proper permission', + { + tag: ['@LPD-54145'], + }, + async ({apiHelpers, page, usersAndOrganizationsPage}) => { + const org1 = await apiHelpers.headlessAdminUser.postOrganization({ + name: 'Organization' + getRandomInt(), + }); + const user1 = await apiHelpers.headlessAdminUser.postUserAccount(); + + userData[user1.alternateName] = { + name: user1.givenName, + password: 'test', + surname: user1.familyName, + }; + + await apiHelpers.headlessAdminUser.assignUserToOrganizationByEmailAddress( + org1.id, + user1.emailAddress + ); + + const role = await apiHelpers.headlessAdminUser.getRoleByName( + 'Organization Administrator' + ); + + await apiHelpers.headlessAdminUser.assignUserToOrganizationRole( + role.id, + user1.id, + org1.id + ); + + const org2 = await apiHelpers.headlessAdminUser.postOrganization({ + name: 'Organization' + getRandomInt(), + }); + const user2 = await apiHelpers.headlessAdminUser.postUserAccount(); + + await 
apiHelpers.headlessAdminUser.assignUserToOrganizationByEmailAddress( + org2.id, + user2.emailAddress + ); + + const authToken = await page.evaluate(() => Liferay.authToken); + const portletName = + '_com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_'; + + const companyId = await page.evaluate(() => { + return Liferay.ThemeDisplay.getCompanyId(); + }); + const org2Group = await apiHelpers.jsonWebServicesGroup.getGroupByKey( + companyId, + `${org2.name} LFR_ORGANIZATION` + ); + + const urlSearchParams = new URLSearchParams(); + urlSearchParams.append('p_p_auth', authToken); + urlSearchParams.append('p_p_lifecycle', '0'); + urlSearchParams.append('p_p_mode', 'view'); + urlSearchParams.append('p_p_state', 'pop_up'); + urlSearchParams.append( + `${portletName}className`, + 'com.liferay.portal.kernel.model.User' + ); + urlSearchParams.append(`${portletName}groupId`, org2Group.groupId); + urlSearchParams.append(`${portletName}keywords`, ''); + urlSearchParams.append(`${portletName}roleId`, role.id.toString()); + urlSearchParams.append(`${portletName}tabs1`, 'available'); + + const baseUrl = `/group/guest${PORTLET_URLS.roleSelector}`; + const response = await page.request.get( + baseUrl + '&' + urlSearchParams.toString() + ); + + await page.goto(response.url()); + + await expect( + await usersAndOrganizationsPage.assignOrganizationRolesUserCell( + user2.name + ) + ).toBeVisible(); + + await performLogout(page); + await performLoginViaApi(page, user1.alternateName); + + await usersAndOrganizationsPage.goToOrganizationsWithLimitedAccess(); + + await ( + await usersAndOrganizationsPage.organizationActionsMenu(org1.name) + ).click(); + + await usersAndOrganizationsPage.assignOrganizationRolesMenuItem.click(); + await ( + await usersAndOrganizationsPage.assignOrganizationRolesTableRowLink( + 'Account Manager' + ) + ).click(); + await usersAndOrganizationsPage.assignOrganizationRolesSearchBarButton.click(); + + await expect( + await 
usersAndOrganizationsPage.assignOrganizationRolesUserTableCell( + user1.name + ) + ).toBeVisible(); + + await page.goto(response.url()); + + await expect( + await usersAndOrganizationsPage.assignOrganizationRolesUserCell( + user2.name + ) + ).toHaveCount(0); + } +);
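Review bot: The final `toHaveCount(0)` assertion on `user2.name` also passes if the second `page.goto(response.url())` fails to render the portlet at all, so the test can go green without exercising the permission check. The URL was built with the administrator's `p_p_auth` token before `performLogout`, and whether that token is still accepted in user1's session is not visible here; an error or login page would contain no `user2` cell either. Pair the negative check with a positive one on the same navigation, for example `const denied = await page.goto(response.url());` followed by `expect(denied?.ok()).toBeTruthy();`, plus an assertion that proves the selector page itself rendered. The test requests only `tabs1=available`; the Java side builds a different `userGroupRole` parameter for `current`, so a second case for that tab would presumably be worth adding.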
modules/test/playwright/tests/roles-selector-web/test.properties+5 −0 added
@@ -0,0 +1,5 @@
+##
+## Testray
+##
+
+ testray.main.component.name=Roles
\ No newline at end of file
modules/test/playwright/utils/portletUrls.ts+2 −0 modified
@@ -73,6 +73,8 @@ export const PORTLET_URLS = {
 recycleBin: '/~/control_panel/manage/-/recycle_bin/',
 redirect:
 '/~/control_panel/manage?p_p_id=com_liferay_redirect_web_internal_portlet_RedirectPortlet',
+ roleSelector:
+ '/~/control_panel/manage?p_p_id=com_liferay_roles_selector_web_portlet_RolesSelectorPortlet',
 scriptManagement:
 '/~/control_panel/manage?p_p_id=com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_mvcRenderCommandName=%2Fconfiguration_admin%2Fview_configuration_screen&_com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_configurationScreenKey=script-management',
 segments:
1ab3de8142d9LPD-54145 - add check for group when grabbing the results search container
1 file changed · +80 −71
modules/apps/roles/roles-selector-web/src/main/java/com/liferay/roles/selector/web/internal/display/context/EditRolesUsersDisplayContext.java+80 −71 modified@@ -12,7 +12,9 @@ import com.liferay.portal.kernel.model.Role; import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.model.role.RoleConstants; +import com.liferay.portal.kernel.security.permission.ActionKeys; import com.liferay.portal.kernel.service.UserLocalServiceUtil; +import com.liferay.portal.kernel.service.permission.GroupPermissionUtil; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.LinkedHashMapBuilder; import com.liferay.portal.kernel.util.WebKeys; 
@@ -52,78 +54,85 @@ public SearchContainer<User> getSearchContainer() throws PortalException { return _userSearch; } - _userSearch = new UserSearch( - _renderRequest, - (PortletURL)_httpServletRequest.getAttribute( - "edit_roles.jsp-portletURL")); - - UserSearchTerms searchTerms = - (UserSearchTerms)_userSearch.getSearchTerms(); - - LinkedHashMap<String, Object> userParams = - LinkedHashMapBuilder.<String, Object>put( - "inherit", Boolean.TRUE - ).put( - "usersGroups", Long.valueOf(_getGroupId()) - ).put( - "userGroupRole", - () -> { - if (Objects.equals( - _httpServletRequest.getAttribute( - "edit_roles.jsp-tabs1"), - "current")) { - - return new Long[] { - Long.valueOf(_getGroupId()), - Long.valueOf(_getRoleId()) - }; + if (GroupPermissionUtil.contains( + _themeDisplay.getPermissionChecker(), _getGroupId(), + ActionKeys.ASSIGN_USER_ROLES)) { + + _userSearch = new UserSearch( + _renderRequest, + (PortletURL)_httpServletRequest.getAttribute( + "edit_roles.jsp-portletURL")); + + UserSearchTerms searchTerms = + (UserSearchTerms)_userSearch.getSearchTerms(); + + LinkedHashMap<String, Object> userParams = + LinkedHashMapBuilder.<String, Object>put( + "inherit", Boolean.TRUE + ).put( + "usersGroups", Long.valueOf(_getGroupId()) + ).put( + "userGroupRole", + () -> { + if (Objects.equals( + _httpServletRequest.getAttribute( + "edit_roles.jsp-tabs1"), + "current")) { + + return new Long[] { + Long.valueOf(_getGroupId()), + Long.valueOf(_getRoleId()) + }; + } + + return null; } - - return null; - } - ).build(); - - if (searchTerms.isAdvancedSearch()) { - _userSearch.setResultsAndTotal( - () -> UserLocalServiceUtil.search( - _themeDisplay.getCompanyId(), searchTerms.getFirstName(), - searchTerms.getMiddleName(), searchTerms.getLastName(), - searchTerms.getScreenName(), searchTerms.getEmailAddress(), - searchTerms.getStatus(), userParams, - searchTerms.isAndOperator(), _userSearch.getStart(), - _userSearch.getEnd(), _userSearch.getOrderByComparator()), - 
UserLocalServiceUtil.searchCount( - _themeDisplay.getCompanyId(), searchTerms.getFirstName(), - searchTerms.getMiddleName(), searchTerms.getLastName(), - searchTerms.getScreenName(), searchTerms.getEmailAddress(), - searchTerms.getStatus(), userParams, - searchTerms.isAndOperator())); - } - else { - _userSearch.setResultsAndTotal( - () -> UserLocalServiceUtil.search( - _themeDisplay.getCompanyId(), searchTerms.getKeywords(), - searchTerms.getStatus(), userParams, _userSearch.getStart(), - _userSearch.getEnd(), _userSearch.getOrderByComparator()), - UserLocalServiceUtil.searchCount( - _themeDisplay.getCompanyId(), searchTerms.getKeywords(), - searchTerms.getStatus(), userParams)); - } - - Role role = _getRole(); - - if (role.getType() == RoleConstants.TYPE_SITE) { - _userSearch.setRowChecker( - new UserGroupRoleUserChecker( - _renderResponse, _getGroup(), role)); - } - else { - _userSearch.setRowChecker( - new OrganizationRoleUserChecker( - _renderResponse, - (Organization)_httpServletRequest.getAttribute( - "edit_roles.jsp-organization"), - role)); + ).build(); + + if (searchTerms.isAdvancedSearch()) { + _userSearch.setResultsAndTotal( + () -> UserLocalServiceUtil.search( + _themeDisplay.getCompanyId(), + searchTerms.getFirstName(), searchTerms.getMiddleName(), + searchTerms.getLastName(), searchTerms.getScreenName(), + searchTerms.getEmailAddress(), searchTerms.getStatus(), + userParams, searchTerms.isAndOperator(), + _userSearch.getStart(), _userSearch.getEnd(), + _userSearch.getOrderByComparator()), + UserLocalServiceUtil.searchCount( + _themeDisplay.getCompanyId(), + searchTerms.getFirstName(), searchTerms.getMiddleName(), + searchTerms.getLastName(), searchTerms.getScreenName(), + searchTerms.getEmailAddress(), searchTerms.getStatus(), + userParams, searchTerms.isAndOperator())); + } + else { + _userSearch.setResultsAndTotal( + () -> UserLocalServiceUtil.search( + _themeDisplay.getCompanyId(), searchTerms.getKeywords(), + searchTerms.getStatus(), userParams, + 
_userSearch.getStart(), _userSearch.getEnd(), + _userSearch.getOrderByComparator()), + UserLocalServiceUtil.searchCount( + _themeDisplay.getCompanyId(), searchTerms.getKeywords(), + searchTerms.getStatus(), userParams)); + } + + Role role = _getRole(); + + if (role.getType() == RoleConstants.TYPE_SITE) { + _userSearch.setRowChecker( + new UserGroupRoleUserChecker( + _renderResponse, _getGroup(), role)); + } + else { + _userSearch.setRowChecker( + new OrganizationRoleUserChecker( + _renderResponse, + (Organization)_httpServletRequest.getAttribute( + "edit_roles.jsp-organization"), + role)); + } } return _userSearch;
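Review bot: `_getGroupId()` is called once for the `GroupPermissionUtil.contains(...)` check and again when `usersGroups` and `userGroupRole` are built, so the id that is authorized and the id that is queried match only if the helper returns the same value on every call. Its body is outside this hunk; reading it once makes the check-then-use relationship explicit: `long groupId = _getGroupId();` and then `groupId` in the permission check and in both `Long.valueOf(...)` calls. Separately, `OrganizationRoleUserChecker` takes its organization from the `edit_roles.jsp-organization` request attribute, and nothing visible here ties that organization to the group that was checked, which deserves a comment or an explicit comparison.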
References (7)
- github.com/advisories/GHSA-v6xr-v2qg-h22h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-43732 (ghsa, ADVISORY)
- github.com/liferay/liferay-portal/commit/1ab3de8142d9201d10d89f5eeb1edeea64599d57 (ghsa, WEB)
- github.com/liferay/liferay-portal/commit/830140e15ccfeb105641681c4f2bb375c12582ba (ghsa, WEB)
- github.com/liferay/liferay-portal/commit/f07339e42a5788aa44016c4ca566b92399643442 (ghsa, WEB)
- liferay.atlassian.net/browse/LPE-18221 (ghsa, WEB)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43732 (ghsa, WEB)