Date
Wed, 21 Nov 2018 08:19:00 +0000
Title
CST-7110 Path traversal vulnerability in templates
Description
Liferay Portal 7.1 CE GA1 contains a path traversal vulnerability in Web Content templates and Application Display Templates (ADT). The vulnerability allows any user with permission to create templates to read any file on the system.
Severity
Severity 1
Workaround
Review your portal permissions and ensure only trusted users have permission to add/edit Web Content templates and ADTs.
Notes
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.