Issue
- User is able to see their own public IP while checking the source code of a page on the Liferay portal.
Environment
- Liferay DXP 7.3
- Liferay DXP 7.4
Resolution
- The public IP is visible through the getRemoteAddr method which is used in the portal for multiple applications like Geolocation and Audit Events.
- Also, a user viewing their own public IP is not considered a vulnerability/ threat.
- The user has multiple options to check their public IP from the browser level including Google and other websites, and this way the IP is only visible to the user checking it, and not to any other user/ stranger.
Additional Information
- In some cases, the source code may display an internal IP due to misconfigured frontend servers or load balancers. For more information, see:
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In