CVE-2022-38512 Information

Description

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36 and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation allowing attackers to download a web content page’s XLIFF translation file via crafted URL.

Reference

http://liferay.com https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512