Issue
- User is able to see their own public IP while checking the source code of a page on the Liferay portal.
Environment
- Liferay DXP 7.3
- Liferay DXP 7.4
Resolution
- The public IP is visible through the getRemoteAddr method which is used in the portal for multiple applications like Geolocation and Audit Events.
- Also, a user viewing their own public IP is not considered a vulnerability/ threat.
- The user has multiple options to check their public IP from the browser level including Google and other websites, and this way the IP is only visible to the user checking it, and not to any other user/ stranger.
Additional Information
- In some cases, the source code may display an internal IP due to misconfigured frontend servers or load balancers. For more information, see:
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión