CVE-2022-45320: Privilege escalation in Liferay Portal

February 20, 2024 (updated March 31, 2025)

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

References

github.com/advisories/GHSA-mc8m-4r3w-q2hw
github.com/liferay/liferay-portal
github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16
liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320
nvd.nist.gov/vuln/detail/CVE-2022-45320

Code Behaviors & Features

Detect and mitigate CVE-2022-45320 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →