1. Home
  2. Vulnerabilities
  3. CVE-2022-42123

CVE-2022-42123

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.11 % (46th)
0.11% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-11-15 01:15:13
(22 months ago)
Updated Date
2022-11-18 15:50:40
(22 months ago)

Affected Products

Liferay

Configuration #1

    CPE23 From Up To
  Liferay Digital Experience Platform 7.3 cpe:2.3:a:liferay:digital_experience_platform:7.3:-
  Liferay Digital Experience Platform 7.4 cpe:2.3:a:liferay:digital_experience_platform:7.4:-
  Liferay Portal from 7.3.3 version and prior 7.4.3.19 version cpe:2.3:a:liferay:liferay_portal >= 7.3.3 < 7.4.3.19