CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.liferay.portal:release.portal.bom | maven | >= 7.3.5, <= 7.4.3.28 | 7.4.3.48 |

The vulnerability stems from missing permission checks in asset library retrieval for UI components. The Liferay security advisory directly identifies `DepotGroupItemSelectorProvider` as the vulnerable component. This provider would be invoked when rendering asset library selection interfaces, and its `getDepotGroups` method (or equivalent) would appear in stack traces during unauthorized access attempts. The function signature is reconstructed based on Liferay's package naming conventions and the explicit reference in the advisory documentation.
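
To check whether a build pins an affected BOM, the following added example (not code from Liferay or from the advisory) audits a `pom.xml` against the version range in the table above. It reports versions that sit between the last listed vulnerable release and the first patched release separately, since the table gives no status for them. The property name `liferay.bom.version` and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values copied from the advisory table above.
ARTIFACT = ("com.liferay.portal", "release.portal.bom")
VULN_MIN, VULN_MAX, FIRST_PATCHED = (7, 3, 5, 0), (7, 4, 3, 28), (7, 4, 3, 48)

def parse_version(text):
    """'7.3.5' -> (7, 3, 5, 0); raises ValueError on non-numeric versions."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))

def classify(version):
    v = parse_version(version)
    if v >= FIRST_PATCHED:
        return "patched"
    if VULN_MIN <= v <= VULN_MAX:
        return "vulnerable"
    # Above the listed range but below the first patched release: the table
    # gives no status, so report it instead of passing it as clean.
    return "unlisted" if v > VULN_MAX else "not-affected"

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Maven POM namespace

def audit_pom(pom_xml):
    """Return [(version, status)] for each reference to the BOM in one POM."""
    root = ET.fromstring(pom_xml)  # parse only POMs from sources you trust
    props = {_local(c.tag): (c.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for c in el}
    findings = []
    for dep in (e for e in root.iter() if _local(e.tag) == "dependency"):
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != ARTIFACT:
            continue
        version = f.get("version", "")
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # same-file property
        try:
            findings.append((version, classify(version)))
        except ValueError:
            findings.append((version, "unparsed"))
    return findings

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><liferay.bom.version>7.4.3.20</liferay.bom.version></properties>
  <dependencyManagement><dependencies><dependency>
    <groupId>com.liferay.portal</groupId><artifactId>release.portal.bom</artifactId>
    <version>${liferay.bom.version}</version><type>pom</type><scope>import</scope>
  </dependency></dependencies></dependencyManagement></project>"""
```

Calling `audit_pom(SAMPLE_POM)` returns `[("7.4.3.20", "vulnerable")]`. Properties inherited from a parent POM are not resolved and come back as `unparsed`, which should be followed up by hand.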