CVE-2023-35029
Summary
| CVE | CVE-2023-35029 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-15 04:15:00 UTC |
| Updated | 2023-06-22 16:51:00 UTC |
| Description | Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. |
Risk And Classification
Problem Types: CWE-601
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Liferay | DXP | 7.4 | update_70 | All | All |
| Application | Liferay | DXP | 7.4 | update_71 | All | All |
| Application | Liferay | DXP | 7.4 | update_72 | All | All |
| Application | Liferay | DXP | 7.4 | update_73 | All | All |
| Application | Liferay | DXP | 7.4 | update_74 | All | All |
| Application | Liferay | DXP | 7.4 | update_75 | All | All |
| Application | Liferay | DXP | 7.4 | update_76 | All | All |
| Application | Liferay | Liferay Portal | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-35029 Open redirect with backURL in SEO configuration - Liferay | MISC | liferay.dev | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.