BIT-liferay-2023-33949

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-33949.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-liferay-2023-33949
Aliases
Published
2024-01-31T15:17:28.207Z
Modified
2024-02-19T10:36:29.170Z
Summary
[none]
Details

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property company.security.strangers.verify should be set to true.

Database specific
{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / liferay

Package

Name
liferay
Purl
pkg:bitnami/liferay

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Last affected
7.0.0
Introduced
7.1.0
Last affected
7.1.0
Introduced
7.2.0
Last affected
7.2.0