Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/47058?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47058?format=api", "vulnerability_id": "VCID-1fqz-psdf-g7dm", "summary": "Liferay Portal and Liferay DXP User Enumeration Vulnerability\nUser enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.", "aliases": [ { "alias": "CVE-2024-26268" }, { "alias": "GHSA-qm43-g2xj-hvg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67371?format=api", "purl": "pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-xe2v-j69t-d3h3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp20" }, { "url": "http://public2.vulnerablecode.io/api/packages/69059?format=api", "purl": "pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/68833?format=api", "purl": "pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u27" }, { "url": "http://public2.vulnerablecode.io/api/packages/69041?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.27-ga27" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60857?format=api", "purl": "pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-4mcy-yw2p-v7bd" }, { "vulnerability": "VCID-7zhe-ztqw-gkhh" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-b7h9-cxkj-hkc8" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-h261-uqtv-yfek" }, { "vulnerability": "VCID-hrnu-4t2j-9qba" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k6d6-hyep-pbac" }, { "vulnerability": "VCID-k7yh-fkj8-t3fx" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-mph8-zzjv-67av" }, { "vulnerability": "VCID-n6qs-hded-rydp" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-q7bs-639b-pken" }, { "vulnerability": "VCID-tqvb-a46r-jbf8" }, { "vulnerability": "VCID-uug8-ap5n-r3g2" }, { "vulnerability": "VCID-xa5h-2khm-efgj" }, { "vulnerability": "VCID-xe2v-j69t-d3h3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67365?format=api", "purl": "pkg:maven/com.liferay.portal/release.dxp.bom@7.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-42k1-vb9z-3qe7" }, { "vulnerability": "VCID-9hvg-h2ra-nbcc" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-a7z8-2fzy-2qee" }, { "vulnerability": "VCID-c3ym-wtv5-hfhr" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-gkn8-ehfa-3ugx" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-tqvb-a46r-jbf8" }, { "vulnerability": "VCID-xe2v-j69t-d3h3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68799?format=api", "purl": "pkg:maven/com.liferay.portal/release.portal.bom@7.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fqz-psdf-g7dm" }, { "vulnerability": "VCID-266t-4gfq-duh4" }, { "vulnerability": "VCID-77qw-vmwe-x3d4" }, { "vulnerability": "VCID-8jv6-163j-a7b2" }, { "vulnerability": "VCID-9471-umbz-pucy" }, { "vulnerability": "VCID-9yw4-52sc-rbbz" }, { "vulnerability": "VCID-e5c7-wsvb-dyfm" }, { "vulnerability": "VCID-ebzh-bpks-5qe2" }, { "vulnerability": "VCID-ggs5-4zac-vqa7" }, { "vulnerability": "VCID-hw1d-gdcv-vkec" }, { "vulnerability": "VCID-k9yt-aj7x-3bht" }, { "vulnerability": "VCID-mcea-q7za-duay" }, { "vulnerability": "VCID-p9am-1rhf-6bh2" }, { "vulnerability": "VCID-qks2-mqk8-wffq" }, { "vulnerability": "VCID-ub82-jbgf-mfb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.0" } ], "references": [ { "reference_url": "https://github.com/liferay/liferay-portal", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal" }, { "reference_url": "https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93" }, { "reference_url": "https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8" }, { "reference_url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268", "reference_id": "CVE-2024-26268", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26268", "reference_id": "CVE-2024-26268", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26268" }, { "reference_url": "https://github.com/advisories/GHSA-qm43-g2xj-hvg5", "reference_id": "GHSA-qm43-g2xj-hvg5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qm43-g2xj-hvg5" } ], "weaknesses": [ { "cwe_id": 203, "name": "Observable Discrepancy", "description": "The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fqz-psdf-g7dm" }