CVE-2024-25605

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 20, 2024
CWE ID 276

Summary

CVE-2024-25605 is a vulnerability in the Journal module of Liferay Portal versions 7.2.0 through 7.4.3.4, as well as older unsupported versions, and Liferay DXP version 7.4.13, 7.3 before service pack 3, and 7.2 before fix pack 17, along with older unsupported versions. This vulnerability grants guest users the ability to view web content templates by default, allowing remote attackers to access any template through the user interface or API. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.3 according to CVSS:3.1 scoring system. It does not require any privileges or user interaction to exploit and can be exploited over a network without impacting integrity or availability, while confidentiality impact is rated as LOW.

Remediation for this vulnerability would involve updating Liferay Portal to version 7.4.3 GA5 or higher for the affected versions (including unsupported versions), and updating Liferay DXP to version 7.4 SP3+ or higher for the affected versions (including unsupported versions). By applying these updates, organizations can mitigate the risk posed by unauthorized access to web content templates for guest users.

This vulnerability poses a potential danger to organizations using Liferay Portal or Liferay DXP, as it allows unauthorized users to view sensitive web content templates that they should not have access to. This could lead to information disclosure and compromise the confidentiality of sensitive data stored within these templates. Organizations should promptly address this vulnerability through the recommended updates to protect their data and prevent unauthorized access.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25605 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options