{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47059?format=json","vulnerability_id":"VCID-266t-4gfq-duh4","summary":"Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel\nInformation disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.","aliases":[{"alias":"CVE-2024-25150"},{"alias":"GHSA-4585-28v2-8h46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68831?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19"},{"url":"http://public2.vulnerablecode.io/api/packages/68816?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4"},{"url":"http://public2.vulnerablecode.io/api/packages/69044?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11qf-d5xp-4fey"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60857?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-4mcy-yw2p-v7bd"},{"vulnerability":"VCID-7zhe-ztqw-gkhh"},{"vulnerability":"VCID-a7z8-2fzy-2qee"},{"vulnerability":"VCID-b7h9-cxkj-hkc8"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-h261-uqtv-yfek"},{"vulnerability":"VCID-hrnu-4t2j-9qba"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k6d6-hyep-pbac"},{"vulnerability":"VCID-k7yh-fkj8-t3fx"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-mph8-zzjv-67av"},{"vulnerability":"VCID-n6qs-hded-rydp"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-q7bs-639b-pken"},{"vulnerability":"VCID-tqvb-a46r-jbf8"},{"vulnerability":"VCID-uug8-ap5n-r3g2"},{"vulnerability":"VCID-xa5h-2khm-efgj"},{"vulnerability":"VCID-xe2v-j69t-d3h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68799?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fqz-psdf-g7dm"},{"vulnerability":"VCID-266t-4gfq-duh4"},{"vulnerability":"VCID-77qw-vmwe-x3d4"},{"vulnerability":"VCID-8jv6-163j-a7b2"},{"vulnerability":"VCID-9471-umbz-pucy"},{"vulnerability":"VCID-9yw4-52sc-rbbz"},{"vulnerability":"VCID-e5c7-wsvb-dyfm"},{"vulnerability":"VCID-ggs5-4zac-vqa7"},{"vulnerability":"VCID-hw1d-gdcv-vkec"},{"vulnerability":"VCID-k9yt-aj7x-3bht"},{"vulnerability":"VCID-mcea-q7za-duay"},{"vulnerability":"VCID-p9am-1rhf-6bh2"},{"vulnerability":"VCID-qks2-mqk8-wffq"},{"vulnerability":"VCID-ub82-jbgf-mfb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.0"}],"references":[{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150","reference_id":"CVE-2024-25150","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25150"},{"reference_url":"https://github.com/advisories/GHSA-4585-28v2-8h46","reference_id":"GHSA-4585-28v2-8h46","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4585-28v2-8h46"}],"weaknesses":[{"cwe_id":201,"name":"Insertion of Sensitive Information Into Sent Data","description":"The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-266t-4gfq-duh4"}