com.liferay.portal:com.liferay.portal.impl 3.50.7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.liferay.portal:com.liferay.portal.impl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Use of Web Browser Cache Containing Sensitive Information com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information due to using an incorrect `cache-control` header. A local attacker can gain unauthorized access to previously downloaded files by retrieving them from the browser's cache. How to fix Use of Web Browser Cache Containing Sensitive Information? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 69.0.0 or higher.	[,69.0.0)
M Brute Force com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Brute Force via the authentication. An attacker can obtain valid user credentials by performing a brute force attack, even when account lockout is enabled. How to fix Brute Force? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 60.0.0 or higher.	[,60.0.0)
M Cleartext Storage of Sensitive Information com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the form of password reset tokens appearing in plain text. A privileged user can retrieving tokens of other users from the database. How to fix Cleartext Storage of Sensitive Information? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 93.0.0 or higher.	[,93.0.0)
M Missing Authentication for Critical Function com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Missing Authentication for Critical Function that allows users to access to and modify content by interacting with certain APIs before email verification is completed. How to fix Missing Authentication for Critical Function? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 97.0.0 or higher.	[,97.0.0)
M Allocation of Resources Without Limits or Throttling com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `ComboServlet`. An attacker can exhaust system resources and disrupt service availability by sending specially crafted URL query strings that request the combination of a large number of files, resulting in excessively sized responses. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 97.0.0 or higher.	[,97.0.0)
M Cross-site Scripting (XSS) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `google_gadget` process. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a malicious request. How to fix Cross-site Scripting (XSS)? A fix was pushed into the `master` branch but not yet published.	[0,)
M Authorization Bypass Through User-Controlled Key com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the `com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds` parameter. An attacker can assign an organization to a user in a different virtual instance by manipulating this parameter as an authenticated user. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 99.0.1 or higher.	[,99.0.1)
M Directory Traversal com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Directory Traversal via the `ComboServlet` component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the query string in a URL. How to fix Directory Traversal? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 96.0.0 or higher.	[,96.0.0)
M Unchecked Input for Loop Condition com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the XML-RPC due to unchecked input in the loop condition. An attacker can exhaust system resources by sending specially crafted XML-RPC requests. How to fix Unchecked Input for Loop Condition? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 96.0.0 or higher.	[,96.0.0)
M Open Redirect com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect in the handling of the `SystemSettingsPortlet.redirect`, `InstanceSettingsPortlet.redirect`, and `SiteSettingsPortlet.redirect` parameters. An attacker can redirect users to arbitrary external URLs by crafting malicious links that exploit these parameters. How to fix Open Redirect? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 93.0.0 or higher.	[,93.0.0)
M Use of Default Credentials com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Use of Default Credentials due to the API not restricting access before a user has changed their initial password. An attacker can gain unauthorized access and modify content by interacting with the API using default credentials. How to fix Use of Default Credentials? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 97.0.0 or higher.	[,97.0.0)
M Server-side Request Forgery (SSRF) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insecure domain validation on `analytics.cloud.domain.allowed`. An attacker can make unauthorized requests to internal or external systems by manipulating the domain and bypassing the intended validation mechanism. How to fix Server-side Request Forgery (SSRF)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 113.1.0 or higher.	[,113.1.0)
M Insertion of Sensitive Information Into Sent Data com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the `getOrganizationUsersCount` accessible through JSONWS APIs. An attacker can obtain sensitive information related to admin users by sending crafted requests as an authenticated user without any specific permissions. How to fix Insertion of Sensitive Information Into Sent Data? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 108.1.1 or higher.	[,108.1.1)
M Cross-site Scripting (XSS) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `PortalUtil.escapeRedirect` function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 110.0.0 or higher.	[,110.0.0)
M Timing Attack com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server response times to crafted authentication requests. How to fix Timing Attack? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 110.0.0 or higher.	[,110.0.0)
M Information Exposure com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Information Exposure via the `calendar` implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which may enable further targeted attacks such as phishing. How to fix Information Exposure? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 111.0.0 or higher.	[,111.0.0)
M Cross-site Scripting (XSS) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `GoogleGadget` servlet. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a malicious request that triggers the vulnerable process. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 109.1.0 or higher.	[,109.1.0)
M Open Redirect com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the `redirect` parameter, `FORWARD_URL` parameter, and other parameters that rely on the `HtmlUtil.escapeRedirect`. An attacker can cause users to be redirected to arbitrary external URLs by crafting requests with double forward slashes in these parameters. Note: This vulnerability is bypass for CVE-2022-28977 How to fix Open Redirect? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 25.0.0 or higher.	[,25.0.0)
M Observable Discrepancy com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response times. How to fix Observable Discrepancy? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 40.0.0 or higher.	[,40.0.0)
M Insecure Default Initialization of Resource com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the `Liferay-Portal` response header. An attacker can obtain sensitive version information by sending crafted HTTP requests and analyzing the returned headers. How to fix Insecure Default Initialization of Resource? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 37.0.0 or higher.	[,37.0.0)
M Open Redirect com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the `redirect`, `FORWARD_URL`, `noSuchEntryRedirect`, and other parameters that rely on the `HtmlUtil.escapeRedirect` process. An attacker can redirect users to arbitrary external URLs by crafting requests containing the REPLACEMENT CHARACTER (U+FFFD) to bypass input validation. How to fix Open Redirect? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 31.0.2 or higher.	[,31.0.2)
M Incorrect Authorization com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Incorrect Authorization in the process that manages site membership restrictions when the "Limit membership to members of the parent site" option is enabled. An attacker can gain unauthorized access to a child site and perform actions without proper authorization by adding users who are not members of the parent site. How to fix Incorrect Authorization? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 7.8.0 or higher.	[,7.8.0)
H Incorrect Authorization com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Incorrect Authorization in the User and Organizations section of the Control Panel. An attacker can gain unauthorized ability to modify their own permissions by leveraging only the VIEW user permission. How to fix Incorrect Authorization? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 8.2.1 or higher.	[,8.2.1)
M Insertion of Sensitive Information Into Sent Data com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and accessing the page's title. How to fix Insertion of Sensitive Information Into Sent Data? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 8.0.0 or higher.	[,8.0.0)
C Cross-site Scripting (XSS) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `HtmlUtil.escapeJsLink` function. An attacker can inject arbitrary web script or HTML by crafting `javascript:` style links. How to fix Cross-site Scripting (XSS)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 7.8.0 or higher.	[,7.8.0)
M Cross-site Request Forgery (CSRF) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient protection on the terms of use page. An attacker can trick a user into accepting the site's terms of use by convincing them to visit a malicious page. How to fix Cross-site Request Forgery (CSRF)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.25.0 or higher.	[,5.25.0)
M Observable Discrepancy com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy due to the handling of different responses based on site existence or user permissions. An attacker can discover the existence of sites by enumerating URLs. Note: This is only exploitable if `locale.prepend.friendly.url.style=2` and if a custom 404 page is used. How to fix Observable Discrepancy? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 7.8.0 or higher.	[,7.8.0)
M Insecure Default Initialization of Resource com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource such that the default configuration does not require users to verify their email addresses, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true. How to fix Insecure Default Initialization of Resource? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.5.4 or higher.	[,5.5.4)
M Arbitrary File Write via Archive Extraction (Zip Slip) com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in `FileUtil.unzip`, which allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 47.1.0 or higher.	[,47.1.0)
M Open Redirect com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Open Redirect via the `HtmlUtil.escapeRedirect`, by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the 'redirect`parameter, the`FORWARD_URL`parameter, and others parameters that rely on`HtmlUtil.escapeRedirect`. How to fix Open Redirect? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 7.9.0 or higher.	[,7.9.0)
M Access Restriction Bypass com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Access Restriction Bypass by not properly checking user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. How to fix Access Restriction Bypass? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 6.05 or higher.	[,6.05)
M Information Exposure com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Information Exposure. User's passwords are stored in the database if workflow is enabled for new users. This allows attackers with access to the database to obtain the user's unencrypted password. How to fix Information Exposure? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.11.0 or higher.	[,5.11.0)
M Improper Validation com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Improper Validation. Password reset tokens are still valid after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token. How to fix Improper Validation? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.7.3 or higher.	[,5.7.3)
M Information Exposure com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Information Exposure. It allows remote attackers to enumerate user email addresses via the forgot password functionality. The `portal.property` `login.secure.forgot.password` should be defaulted to `true`. How to fix Information Exposure? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.11.0 or higher.	[,5.11.0)
M Improper Authorization com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Improper Authorization. It does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. How to fix Improper Authorization? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.9.0 or higher.	[,5.9.0)
M Privilege Escalation com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Privilege Escalation. It allows remote authenticated users with permission to update or edit users to take over a company administrator user account by editing the company administrator user. How to fix Privilege Escalation? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 5.16.4 or higher.	[,5.16.4)
M Arbitrary File Access com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Arbitrary File Access. The property `portlet.resource.id.banned.paths.regexp` can be bypassed with doubled encoded URLs, which allows remote attackers to access restricted `portlet` resources (e.g., files within `/META-INF` and /`WEB-IN`). How to fix Arbitrary File Access? Upgrade `com.liferay.portal:com.liferay.portal.impl` to version 7.4.0, 7.1.3 or higher.	[7.2.0,7.4.0)[0,7.1.3)

Vulnerability

Vulnerable Version

Use of Web Browser Cache Containing Sensitive Information

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information due to using an incorrect cache-control header. A local attacker can gain unauthorized access to previously downloaded files by retrieving them from the browser's cache.

How to fix Use of Web Browser Cache Containing Sensitive Information?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 69.0.0 or higher.

[,69.0.0)

Brute Force

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Brute Force via the authentication. An attacker can obtain valid user credentials by performing a brute force attack, even when account lockout is enabled.

How to fix Brute Force?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 60.0.0 or higher.

[,60.0.0)

Cleartext Storage of Sensitive Information

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the form of password reset tokens appearing in plain text. A privileged user can retrieving tokens of other users from the database.

How to fix Cleartext Storage of Sensitive Information?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 93.0.0 or higher.

[,93.0.0)

Missing Authentication for Critical Function

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Missing Authentication for Critical Function that allows users to access to and modify content by interacting with certain APIs before email verification is completed.

How to fix Missing Authentication for Critical Function?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 97.0.0 or higher.

[,97.0.0)

Allocation of Resources Without Limits or Throttling

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ComboServlet. An attacker can exhaust system resources and disrupt service availability by sending specially crafted URL query strings that request the combination of a large number of files, resulting in excessively sized responses.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 97.0.0 or higher.

[,97.0.0)

Cross-site Scripting (XSS)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the google_gadget process. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a malicious request.

How to fix Cross-site Scripting (XSS)?

A fix was pushed into the master branch but not yet published.

[0,)

Authorization Bypass Through User-Controlled Key

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter. An attacker can assign an organization to a user in a different virtual instance by manipulating this parameter as an authenticated user.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 99.0.1 or higher.

[,99.0.1)

Directory Traversal

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Directory Traversal via the ComboServlet component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the query string in a URL.

How to fix Directory Traversal?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 96.0.0 or higher.

[,96.0.0)

Unchecked Input for Loop Condition

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the XML-RPC due to unchecked input in the loop condition. An attacker can exhaust system resources by sending specially crafted XML-RPC requests.

How to fix Unchecked Input for Loop Condition?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 96.0.0 or higher.

[,96.0.0)

Open Redirect

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Open Redirect in the handling of the SystemSettingsPortlet.redirect, InstanceSettingsPortlet.redirect, and SiteSettingsPortlet.redirect parameters. An attacker can redirect users to arbitrary external URLs by crafting malicious links that exploit these parameters.

How to fix Open Redirect?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 93.0.0 or higher.

[,93.0.0)

Use of Default Credentials

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Use of Default Credentials due to the API not restricting access before a user has changed their initial password. An attacker can gain unauthorized access and modify content by interacting with the API using default credentials.

How to fix Use of Default Credentials?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 97.0.0 or higher.

[,97.0.0)

Server-side Request Forgery (SSRF)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insecure domain validation on analytics.cloud.domain.allowed. An attacker can make unauthorized requests to internal or external systems by manipulating the domain and bypassing the intended validation mechanism.

How to fix Server-side Request Forgery (SSRF)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 113.1.0 or higher.

[,113.1.0)

Insertion of Sensitive Information Into Sent Data

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the getOrganizationUsersCount accessible through JSONWS APIs. An attacker can obtain sensitive information related to admin users by sending crafted requests as an authenticated user without any specific permissions.

How to fix Insertion of Sensitive Information Into Sent Data?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 108.1.1 or higher.

[,108.1.1)

Cross-site Scripting (XSS)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 110.0.0 or higher.

[,110.0.0)

Timing Attack

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server response times to crafted authentication requests.

How to fix Timing Attack?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 110.0.0 or higher.

[,110.0.0)

Information Exposure

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Information Exposure via the calendar implementation. An attacker can obtain access to other users' calendars and their names by sending crafted requests, which may enable further targeted attacks such as phishing.

How to fix Information Exposure?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 111.0.0 or higher.

[,111.0.0)

Cross-site Scripting (XSS)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the GoogleGadget servlet. An attacker can execute arbitrary JavaScript in the context of a user's browser by crafting a malicious request that triggers the vulnerable process.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 109.1.0 or higher.

[,109.1.0)

Open Redirect

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Open Redirect via the redirect parameter, FORWARD_URL parameter, and other parameters that rely on the HtmlUtil.escapeRedirect. An attacker can cause users to be redirected to arbitrary external URLs by crafting requests with double forward slashes in these parameters.

Note: This vulnerability is bypass for CVE-2022-28977

How to fix Open Redirect?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 25.0.0 or higher.

[,25.0.0)

Observable Discrepancy

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response times.

How to fix Observable Discrepancy?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 40.0.0 or higher.

[,40.0.0)

Insecure Default Initialization of Resource

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the Liferay-Portal response header. An attacker can obtain sensitive version information by sending crafted HTTP requests and analyzing the returned headers.

How to fix Insecure Default Initialization of Resource?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 37.0.0 or higher.

[,37.0.0)

Open Redirect

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Open Redirect via the redirect, FORWARD_URL, noSuchEntryRedirect, and other parameters that rely on the HtmlUtil.escapeRedirect process. An attacker can redirect users to arbitrary external URLs by crafting requests containing the REPLACEMENT CHARACTER (U+FFFD) to bypass input validation.

How to fix Open Redirect?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 31.0.2 or higher.

[,31.0.2)

Incorrect Authorization

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Incorrect Authorization in the process that manages site membership restrictions when the "Limit membership to members of the parent site" option is enabled. An attacker can gain unauthorized access to a child site and perform actions without proper authorization by adding users who are not members of the parent site.

How to fix Incorrect Authorization?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.8.0 or higher.

[,7.8.0)

Incorrect Authorization

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Incorrect Authorization in the User and Organizations section of the Control Panel. An attacker can gain unauthorized ability to modify their own permissions by leveraging only the VIEW user permission.

How to fix Incorrect Authorization?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 8.2.1 or higher.

[,8.2.1)

Insertion of Sensitive Information Into Sent Data

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and accessing the page's title.

How to fix Insertion of Sensitive Information Into Sent Data?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 8.0.0 or higher.

[,8.0.0)

Cross-site Scripting (XSS)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HtmlUtil.escapeJsLink function. An attacker can inject arbitrary web script or HTML by crafting javascript: style links.

How to fix Cross-site Scripting (XSS)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.8.0 or higher.

[,7.8.0)

Cross-site Request Forgery (CSRF)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient protection on the terms of use page. An attacker can trick a user into accepting the site's terms of use by convincing them to visit a malicious page.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.25.0 or higher.

[,5.25.0)

Observable Discrepancy

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Observable Discrepancy due to the handling of different responses based on site existence or user permissions. An attacker can discover the existence of sites by enumerating URLs.

Note:

This is only exploitable if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.

How to fix Observable Discrepancy?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.8.0 or higher.

[,7.8.0)

Insecure Default Initialization of Resource

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Insecure Default Initialization of Resource such that the default configuration does not require users to verify their email addresses, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property company.security.strangers.verify should be set to true.

How to fix Insecure Default Initialization of Resource?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.5.4 or higher.

[,5.5.4)

Arbitrary File Write via Archive Extraction (Zip Slip)

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in FileUtil.unzip, which allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 47.1.0 or higher.

[,47.1.0)

Open Redirect

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Open Redirect via the HtmlUtil.escapeRedirect, by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the 'redirectparameter, theFORWARD_URLparameter, and others parameters that rely onHtmlUtil.escapeRedirect`.

How to fix Open Redirect?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.9.0 or higher.

[,7.9.0)

Access Restriction Bypass

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Access Restriction Bypass by not properly checking user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.

How to fix Access Restriction Bypass?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 6.05 or higher.

[,6.05)

Information Exposure

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Information Exposure. User's passwords are stored in the database if workflow is enabled for new users. This allows attackers with access to the database to obtain the user's unencrypted password.

How to fix Information Exposure?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.11.0 or higher.

[,5.11.0)

Improper Validation

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Improper Validation. Password reset tokens are still valid after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.

How to fix Improper Validation?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.7.3 or higher.

[,5.7.3)

Information Exposure

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Information Exposure. It allows remote attackers to enumerate user email addresses via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.

How to fix Information Exposure?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.11.0 or higher.

[,5.11.0)

Improper Authorization

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Improper Authorization. It does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

How to fix Improper Authorization?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.9.0 or higher.

[,5.9.0)

Privilege Escalation

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Privilege Escalation. It allows remote authenticated users with permission to update or edit users to take over a company administrator user account by editing the company administrator user.

How to fix Privilege Escalation?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 5.16.4 or higher.

[,5.16.4)

Arbitrary File Access

com.liferay.portal:com.liferay.portal.impl is a package part of Liferay.

Affected versions of this package are vulnerable to Arbitrary File Access. The property portlet.resource.id.banned.paths.regexp can be bypassed with doubled encoded URLs, which allows remote attackers to access restricted portlet resources (e.g., files within /META-INF and /WEB-IN).

How to fix Arbitrary File Access?

Upgrade com.liferay.portal:com.liferay.portal.impl to version 7.4.0, 7.1.3 or higher.

[7.2.0,7.4.0)[0,7.1.3)

com.liferay.portal:com.liferay.portal.impl@3.50.7 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically