CVE-2023-35029Open Redirect in Portal

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 39.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Liferay PortalLiferay DXPLiferay Portal
Timeline
PublishedJun 15

Description

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDliferay/liferay_portal7.4.3.707.4.3.77
CVEListV5liferay/portal7.4.3.707.4.3.76
CVEListV5liferay/dxp7.4.13.u707.4.13.u76
NVDliferay/dxp7.4

Patches

Patch: liferay.devPatch: liferay.dev

🔴Vulnerability Details

3
CVEList
CVE-2023-35029: Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 72023-06-15
OSV
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module2023-06-15
GHSA
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module2023-06-15
CVE-2023-35029 — Open Redirect in Liferay Portal | cvebase