CVE-2023-5190
First published: Tue Feb 20 2024(Updated: )
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.
Credit: security@liferay.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | >=7.4.3.45<=7.4.3.101 | |
| Liferay 7.4 GA | <2023.Q3 | |
| Liferay 7.4 GA | >=7.4<7.4 update 45>=7.4.3.45<=7.4.3.92 | |
| Liferay DXP | =7.4-update45 | |
| Liferay DXP | =7.4-update46 | |
| Liferay DXP | =7.4-update47 | |
| Liferay DXP | =7.4-update48 | |
| Liferay DXP | =7.4-update49 | |
| Liferay DXP | =7.4-update50 | |
| Liferay DXP | =7.4-update51 | |
| Liferay DXP | =7.4-update52 | |
| Liferay DXP | =7.4-update53 | |
| Liferay DXP | =7.4-update54 | |
| Liferay DXP | =7.4-update55 | |
| Liferay DXP | =7.4-update56 | |
| Liferay DXP | =7.4-update57 | |
| Liferay DXP | =7.4-update58 | |
| Liferay DXP | =7.4-update59 | |
| Liferay DXP | =7.4-update60 | |
| Liferay DXP | =7.4-update61 | |
| Liferay DXP | =7.4-update62 | |
| Liferay DXP | =7.4-update63 | |
| Liferay DXP | =7.4-update64 | |
| Liferay DXP | =7.4-update65 | |
| Liferay DXP | =7.4-update66 | |
| Liferay DXP | =7.4-update67 | |
| Liferay DXP | =7.4-update68 | |
| Liferay DXP | =7.4-update69 | |
| Liferay DXP | =7.4-update70 | |
| Liferay DXP | =7.4-update71 | |
| Liferay DXP | =7.4-update72 | |
| Liferay DXP | =7.4-update73 | |
| Liferay DXP | =7.4-update74 | |
| Liferay DXP | =7.4-update75 | |
| Liferay DXP | =7.4-update76 | |
| Liferay DXP | =7.4-update77 | |
| Liferay DXP | =7.4-update78 | |
| Liferay DXP | =7.4-update79 | |
| Liferay DXP | =7.4-update80 | |
| Liferay DXP | =7.4-update81 | |
| Liferay DXP | =7.4-update82 | |
| Liferay DXP | =7.4-update83 | |
| Liferay DXP | =7.4-update84 | |
| Liferay DXP | =7.4-update85 | |
| Liferay DXP | =7.4-update86 | |
| Liferay DXP | =7.4-update87 | |
| Liferay DXP | =7.4-update88 | |
| Liferay DXP | =7.4-update89 | |
| Liferay DXP | =7.4-update90 | |
| Liferay DXP | =7.4-update91 | |
| Liferay DXP | =7.4-update92 | |
| Liferay DXP | =2023.q3.0 | |
| Liferay DXP | =2023.q3.1 | |
| Liferay DXP | =2023.q3.2 | |
| Liferay DXP | =2023.q3.3 | |
| Liferay DXP | =2023.q3.4 | |
| Liferay DXP | =2023.q3.5 | |
| Liferay 7.4 GA | >=7.4.3.45<7.4.3.102 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5190?
CVE-2023-5190 has been classified with a high severity due to the potential for exploitation via open redirect attacks.
How do I fix CVE-2023-5190?
To fix CVE-2023-5190, update your Liferay Portal to version 7.4.3.102 or later, or upgrade Liferay DXP to the latest patched version.
Which versions are affected by CVE-2023-5190?
CVE-2023-5190 affects Liferay Portal versions from 7.4.3.45 through 7.4.3.101 and Liferay DXP 2023.Q3 before patch 6.
What types of attacks can exploit CVE-2023-5190?
CVE-2023-5190 can be exploited to perform open redirect attacks that may lead to phishing or other malicious activities.
Is CVE-2023-5190 a client-side or server-side vulnerability?
CVE-2023-5190 is a server-side vulnerability that allows attackers to manipulate redirect URLs directly on the server.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/liferay
- canonical/liferay 7.4 ga
- canonical/liferay dxp
- version/liferay dxp/7.4-update45
- version/liferay dxp/7.4-update46
- version/liferay dxp/7.4-update47
- version/liferay dxp/7.4-update48
- version/liferay dxp/7.4-update49
- version/liferay dxp/7.4-update50
- version/liferay dxp/7.4-update51
- version/liferay dxp/7.4-update52
- version/liferay dxp/7.4-update53
- version/liferay dxp/7.4-update54
- version/liferay dxp/7.4-update55
- version/liferay dxp/7.4-update56
- version/liferay dxp/7.4-update57
- version/liferay dxp/7.4-update58
- version/liferay dxp/7.4-update59
- version/liferay dxp/7.4-update60
- version/liferay dxp/7.4-update61
- version/liferay dxp/7.4-update62
- version/liferay dxp/7.4-update63
- version/liferay dxp/7.4-update64
- version/liferay dxp/7.4-update65
- version/liferay dxp/7.4-update66
- version/liferay dxp/7.4-update67
- version/liferay dxp/7.4-update68
- version/liferay dxp/7.4-update69
- version/liferay dxp/7.4-update70
- version/liferay dxp/7.4-update71
- version/liferay dxp/7.4-update72
- version/liferay dxp/7.4-update73
- version/liferay dxp/7.4-update74
- version/liferay dxp/7.4-update75
- version/liferay dxp/7.4-update76
- version/liferay dxp/7.4-update77
- version/liferay dxp/7.4-update78
- version/liferay dxp/7.4-update79
- version/liferay dxp/7.4-update80
- version/liferay dxp/7.4-update81
- version/liferay dxp/7.4-update82
- version/liferay dxp/7.4-update83
- version/liferay dxp/7.4-update84
- version/liferay dxp/7.4-update85
- version/liferay dxp/7.4-update86
- version/liferay dxp/7.4-update87
- version/liferay dxp/7.4-update88
- version/liferay dxp/7.4-update89
- version/liferay dxp/7.4-update90
- version/liferay dxp/7.4-update91
- version/liferay dxp/7.4-update92
- version/liferay dxp/2023.q3.0
- version/liferay dxp/2023.q3.1
- version/liferay dxp/2023.q3.2
- version/liferay dxp/2023.q3.3
- version/liferay dxp/2023.q3.4
- version/liferay dxp/2023.q3.5
- version/liferay 7.4 ga/7.4.3.45