How severe is CVE-2023-33949?

CVE-2023-33949 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-33949

Name: liferay_portal
Author: liferay

5.3MEDIUM

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us

Publicado: 5/24/2023Atualizado: 1/9/2026

Descrição

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

Análise IADesenvolvido por IA

Produtos Afetados

liferaydigital_experience_platform

liferayliferay_portal

7.3.0

Referências

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory