CVE-2023-5190 — Open Redirect in Portal

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay Portal Liferay DXP Liferay Portal +1 more

Timeline

PublishedFeb 20

Description

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDliferay/liferay_portal7.4.3.45 — 7.4.3.102

▶CVEListV5liferay/portal7.4.3.45 — 7.4.3.101

▶CVEListV5liferay/dxp2023.q3.1 — 2023.q3.5+1

▶NVDliferay/digital_experience_platform7 versions+6

🔴Vulnerability Details

OSV

Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page↗2024-02-20

▶

CVEList

CVE-2023-5190: Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7↗2024-02-20

▶

GHSA

Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page↗2024-02-20

▶