PT-2023-24591 · Liferay · Liferay Dxp+1

Published 2023-05-24 · Updated 2026-01-09 · CVE-2023-33949

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.3.0 and earlier
Liferay DXP versions 7.2 and earlier

Description

The default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses they don't control. The issue can be addressed by setting the portal property company.security.strangers.verify to true.

Recommendations

For Liferay Portal versions 7.3.0 and earlier, set the portal property company.security.strangers.verify to true.
For Liferay DXP versions 7.2 and earlier, set the portal property company.security.strangers.verify to true.
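
A check for the recommended setting, as an added example that is not part of the original advisory or of Liferay's own code: it reads the text of a properties override file and reports whether company.security.strangers.verify is effectively true. The file name portal-ext.properties, the function names and the sample contents are assumptions; only the properties file is inspected, so a value set anywhere else is not seen.

```python
import re
import sys

PROPERTY = "company.security.strangers.verify"

# Constructed sample override files (not taken from the advisory).
SAMPLE_UNSET = "# portal-ext.properties\njdbc.default.username=liferay\n"
SAMPLE_COMMENTED = "#company.security.strangers.verify=true\n"
SAMPLE_OVERRIDDEN = (
    "company.security.strangers.verify=true\n"
    "company.security.strangers.verify = false\n"  # later duplicate wins
)
SAMPLE_FIXED = (
    "company.security.strangers=true\n"  # different key, must not match
    "company.security.strangers.verify: TRUE\n"
)


def effective_value(text, key=PROPERTY):
    """Return the last value assigned to key in .properties text, else None."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # Key, then an optional '=' or ':' separator, then the value.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value


def audit(text):
    """Return (ok, reason) for the email-verification setting."""
    value = effective_value(text)
    if value is None:
        return False, f"{PROPERTY} is not set; the default does not require verification"
    if value.lower() == "true":
        return True, f"{PROPERTY}=true"
    return False, f"{PROPERTY}={value!r}; expected true"


if __name__ == "__main__":
    # Usage (path is an assumption): python check_verify.py portal-ext.properties
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            ok, reason = audit(fh.read())
        print(("OK: " if ok else "FINDING: ") + reason)
        sys.exit(0 if ok else 1)
```
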

Fix


Weakness Enumeration

Related identifiers

BIT-LIFERAY-2023-33949
CVE-2023-33949
GHSA-G9MR-9XFC-4GF7

Affected products

Liferay Dxp
Liferay Portal