How severe is CVE-2023-33949?

CVE-2023-33949 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-33949

Name: liferay_portal
Author: liferay

5.3MEDIUM

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us

Опубликовано: 5/24/2023Обновлено: 1/9/2026

Описание

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

ИИ-АнализНа базе ИИ

Затронутые продукты

liferaydigital_experience_platform

liferayliferay_portal

7.3.0

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory