Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-uug8-ap5n-r3g2
Summary
Liferay Portal and Liferay DXP fail to check permissions to view sites/groups
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 do not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
Aliases
0
alias CVE-2022-26595
1
alias GHSA-822f-jfpg-hg7h
Fixed_packages
0
url pkg:maven/com.liferay/com.liferay.site.browser.web@6.0.5
purl pkg:maven/com.liferay/com.liferay.site.browser.web@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.site.browser.web@6.0.5
1
url pkg:maven/com.liferay.portal/com.liferay.portal.impl@7.7.9
purl pkg:maven/com.liferay.portal/com.liferay.portal.impl@7.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.impl@7.7.9
2
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13
3
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j127-h1mf-nqam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2
4
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.2-ga3
Affected_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.0
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
is_vulnerable true
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26595
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29352
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26595
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5b958de42d93f1ba5879a0a20054b14ad7f145c4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5b958de42d93f1ba5879a0a20054b14ad7f145c4
3
reference_url https://liferay.atlassian.net/issues/LPE-17367
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/issues/LPE-17367
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26595-unauthorized-access-to-site-group-list?p_r_p_assetEntryId=121612195&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612195%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-26595-unauthorized-access-to-site-group-list?p_r_p_assetEntryId=121612195&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612195%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26595
reference_id CVE-2022-26595
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26595
6
reference_url https://github.com/advisories/GHSA-822f-jfpg-hg7h
reference_id GHSA-822f-jfpg-hg7h
reference_type
scores
url https://github.com/advisories/GHSA-822f-jfpg-hg7h
Weaknesses
0
cwe_id 276
name Incorrect Default Permissions
description During installation, installed file permissions are set to allow anyone to modify those files.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uug8-ap5n-r3g2