Issue
- User is able to see their own public IP while checking the source code of a page on the Liferay portal.
Environment
- Liferay DXP 7.3
- Liferay DXP 7.4
Resolution
- The public IP is visible through the getRemoteAddr method which is used in the portal for multiple applications like Geolocation and Audit Events.
- Also, a user viewing their own public IP is not considered a vulnerability/ threat.
- The user has multiple options to check their public IP from the browser level including Google and other websites, and this way the IP is only visible to the user checking it, and not to any other user/ stranger.
Additional Information
- In some cases, the source code may display an internal IP due to misconfigured frontend servers or load balancers. For more information, see:
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar