CVE-2023-35029 – com.liferay.portal:release.portal.bom
Package
Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=7.4.3.70-ga70 <7.4.3.77-ga77
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00231 (percentile: 0.45786)
Details
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76, allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Metadata
Created: 2023-06-15T06:30:17Z
Modified: 2025-08-08T21:12:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-22w7-m5f8-87vh/GHSA-22w7-m5f8-87vh.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-22w7-m5f8-87vh
Finding: F156
Auto approve: 1