CVE-2024-25150

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-201
View all →

Vulnerability Description

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.

Related Vulnerabilities

CVE-2020-14514

MEDIUM
CVSS:4.3(Medium)

All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental condi...

CWE-2012020

CVE-2020-1770

MEDIUM
CVSS:4.3(Medium)

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior v...

CWE-2012020

CVE-2021-1425

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access ...

CWE-2012021

CVE-2023-1401

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.

CWE-2012023

CVE-2023-1825

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It w...

CWE-2012023

CVE-2023-4378

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A ma...

CWE-2012023