How severe is CVE-2023-33949?

CVE-2023-33949 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-33949

Name: liferay_portal
Author: liferay

5.3MEDIUM

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us

Publicado: 5/24/2023Actualizado: 1/9/2026

Descripción

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

Análisis IAImpulsado por IA

Productos Afectados

liferaydigital_experience_platform

liferayliferay_portal

7.3.0

Referencias

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory