What is the severity of CVE-2024-26272?

CVE-2024-26272 is classified as a high-severity vulnerability due to its potential impact on user accounts.

How do I fix CVE-2024-26272?

To fix CVE-2024-26272, update Liferay Portal to versions 7.4.3.108 or higher, or 7.3.7 or higher.

What types of attacks does CVE-2024-26272 allow?

CVE-2024-26272 allows remote attackers to perform cross-site request forgery attacks that can change user passwords and other sensitive data.

Which versions of Liferay are affected by CVE-2024-26272?

CVE-2024-26272 affects Liferay Portal versions 7.3.2 to 7.4.3.107 and Liferay DXP versions up to 2023.Q4.2.

What is the nature of the vulnerability described in CVE-2024-26272?

CVE-2024-26272 is a cross-site request forgery (CSRF) vulnerability specifically within the content page editor of Liferay Portal.

Vulnerability/
CVE-2024-26272

high

8.8

CWE

352

22/10/2024

28/4/2025

CVE-2024-26272: CSRF

First published: Tue Oct 22 2024(Updated: )

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the p_l_back_url parameter.

Credit: security@liferay.com

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	>=2023.q3.1<2023.q3.6
Liferay 7.4 GA	>=2023.q4.0<2023.q4.3
Liferay 7.4 GA	=7.3
Liferay 7.4 GA	=7.3-fix_pack_1
Liferay 7.4 GA	=7.3-fix_pack_2
Liferay 7.4 GA	=7.3-service_pack_1
Liferay 7.4 GA	=7.3-service_pack_3
Liferay 7.4 GA	=7.3-update10
Liferay 7.4 GA	=7.3-update11
Liferay 7.4 GA	=7.3-update12
Liferay 7.4 GA	=7.3-update13
Liferay 7.4 GA	=7.3-update14
Liferay 7.4 GA	=7.3-update15
Liferay 7.4 GA	=7.3-update16
Liferay 7.4 GA	=7.3-update17
Liferay 7.4 GA	=7.3-update18
Liferay 7.4 GA	=7.3-update19
Liferay 7.4 GA	=7.3-update20
Liferay 7.4 GA	=7.3-update21
Liferay 7.4 GA	=7.3-update22
Liferay 7.4 GA	=7.3-update23
Liferay 7.4 GA	=7.3-update24
Liferay 7.4 GA	=7.3-update25
Liferay 7.4 GA	=7.3-update26
Liferay 7.4 GA	=7.3-update27
Liferay 7.4 GA	=7.3-update28
Liferay 7.4 GA	=7.3-update29
Liferay 7.4 GA	=7.3-update30
Liferay 7.4 GA	=7.3-update31
Liferay 7.4 GA	=7.3-update32
Liferay 7.4 GA	=7.3-update33
Liferay 7.4 GA	=7.3-update34
Liferay 7.4 GA	=7.3-update35
Liferay 7.4 GA	=7.3-update4
Liferay 7.4 GA	=7.3-update5
Liferay 7.4 GA	=7.3-update6
Liferay 7.4 GA	=7.3-update7
Liferay 7.4 GA	=7.3-update8
Liferay 7.4 GA	=7.3-update9
Liferay 7.4 GA	=7.4
Liferay 7.4 GA	=7.4-update1
Liferay 7.4 GA	=7.4-update10
Liferay 7.4 GA	=7.4-update11
Liferay 7.4 GA	=7.4-update12
Liferay 7.4 GA	=7.4-update13
Liferay 7.4 GA	=7.4-update14
Liferay 7.4 GA	=7.4-update15
Liferay 7.4 GA	=7.4-update16
Liferay 7.4 GA	=7.4-update17
Liferay 7.4 GA	=7.4-update18
Liferay 7.4 GA	=7.4-update19
Liferay 7.4 GA	=7.4-update2
Liferay 7.4 GA	=7.4-update20
Liferay 7.4 GA	=7.4-update21
Liferay 7.4 GA	=7.4-update22
Liferay 7.4 GA	=7.4-update23
Liferay 7.4 GA	=7.4-update24
Liferay 7.4 GA	=7.4-update25
Liferay 7.4 GA	=7.4-update26
Liferay 7.4 GA	=7.4-update27
Liferay 7.4 GA	=7.4-update28
Liferay 7.4 GA	=7.4-update29
Liferay 7.4 GA	=7.4-update3
Liferay 7.4 GA	=7.4-update30
Liferay 7.4 GA	=7.4-update31
Liferay 7.4 GA	=7.4-update32
Liferay 7.4 GA	=7.4-update33
Liferay 7.4 GA	=7.4-update34
Liferay 7.4 GA	=7.4-update35
Liferay 7.4 GA	=7.4-update36
Liferay 7.4 GA	=7.4-update37
Liferay 7.4 GA	=7.4-update38
Liferay 7.4 GA	=7.4-update39
Liferay 7.4 GA	=7.4-update4
Liferay 7.4 GA	=7.4-update40
Liferay 7.4 GA	=7.4-update41
Liferay 7.4 GA	=7.4-update42
Liferay 7.4 GA	=7.4-update43
Liferay 7.4 GA	=7.4-update44
Liferay 7.4 GA	=7.4-update45
Liferay 7.4 GA	=7.4-update46
Liferay 7.4 GA	=7.4-update47
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update49
Liferay 7.4 GA	=7.4-update5
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update51
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update53
Liferay 7.4 GA	=7.4-update54
Liferay 7.4 GA	=7.4-update55
Liferay 7.4 GA	=7.4-update56
Liferay 7.4 GA	=7.4-update57
Liferay 7.4 GA	=7.4-update58
Liferay 7.4 GA	=7.4-update59
Liferay 7.4 GA	=7.4-update6
Liferay 7.4 GA	=7.4-update60
Liferay 7.4 GA	=7.4-update61
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update63
Liferay 7.4 GA	=7.4-update64
Liferay 7.4 GA	=7.4-update65
Liferay 7.4 GA	=7.4-update66
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update68
Liferay 7.4 GA	=7.4-update69
Liferay 7.4 GA	=7.4-update7
Liferay 7.4 GA	=7.4-update70
Liferay 7.4 GA	=7.4-update71
Liferay 7.4 GA	=7.4-update72
Liferay 7.4 GA	=7.4-update73
Liferay 7.4 GA	=7.4-update74
Liferay 7.4 GA	=7.4-update75
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update77
Liferay 7.4 GA	=7.4-update78
Liferay 7.4 GA	=7.4-update79
Liferay 7.4 GA	=7.4-update8
Liferay 7.4 GA	=7.4-update80
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	=7.4-update86
Liferay 7.4 GA	=7.4-update87
Liferay 7.4 GA	=7.4-update88
Liferay 7.4 GA	=7.4-update89
Liferay 7.4 GA	=7.4-update9
Liferay 7.4 GA	=7.4-update90
Liferay 7.4 GA	=7.4-update91
Liferay 7.4 GA	=7.4-update92
Liferay 7.4 GA	>=7.3.2<=7.3.7
Liferay 7.4 GA	>=7.4.0<7.4.3.108
maven/com.liferay.portal:release.dxp.bom	>=7.4.GA<=7.4u92	7.4u93
maven/com.liferay.portal:release.dxp.bom	>=7.3.GA<7.3u36	7.3u36
maven/com.liferay.portal:release.dxp.bom	>=2023.Q3.1<2023.Q3.6	2023.Q3.6
maven/com.liferay.portal:release.dxp.bom	>=2023.Q4.0<2023.Q4.3	2023.Q4.3
maven/com.liferay.portal:release.portal.bom	>=7.3.2<7.4.3.108	7.4.3.108
	>=2023.q3.1<2023.q3.6
	>=2023.q4.0<2023.q4.3
	=7.3
	=7.3-fix_pack_1
	=7.3-fix_pack_2
	=7.3-service_pack_1
	=7.3-service_pack_3
	=7.3-update10
	=7.3-update11
	=7.3-update12
	=7.3-update13
	=7.3-update14
	=7.3-update15
	=7.3-update16
	=7.3-update17
	=7.3-update18
	=7.3-update19
	=7.3-update20
	=7.3-update21
	=7.3-update22
	=7.3-update23
	=7.3-update24
	=7.3-update25
	=7.3-update26
	=7.3-update27
	=7.3-update28
	=7.3-update29
	=7.3-update30
	=7.3-update31
	=7.3-update32
	=7.3-update33
	=7.3-update34
	=7.3-update35
	=7.3-update4
	=7.3-update5
	=7.3-update6
	=7.3-update7
	=7.3-update8
	=7.3-update9
	=7.4
	=7.4-update1
	=7.4-update10
	=7.4-update11
	=7.4-update12
	=7.4-update13
	=7.4-update14
	=7.4-update15
	=7.4-update16
	=7.4-update17
	=7.4-update18
	=7.4-update19
	=7.4-update2
	=7.4-update20
	=7.4-update21
	=7.4-update22
	=7.4-update23
	=7.4-update24
	=7.4-update25
	=7.4-update26
	=7.4-update27
	=7.4-update28
	=7.4-update29
	=7.4-update3
	=7.4-update30
	=7.4-update31
	=7.4-update32
	=7.4-update33
	=7.4-update34
	=7.4-update35
	=7.4-update36
	=7.4-update37
	=7.4-update38
	=7.4-update39
	=7.4-update4
	=7.4-update40
	=7.4-update41
	=7.4-update42
	=7.4-update43
	=7.4-update44
	=7.4-update45
	=7.4-update46
	=7.4-update47
	=7.4-update48
	=7.4-update49
	=7.4-update5
	=7.4-update50
	=7.4-update51
	=7.4-update52
	=7.4-update53
	=7.4-update54
	=7.4-update55
	=7.4-update56
	=7.4-update57
	=7.4-update58
	=7.4-update59
	=7.4-update6
	=7.4-update60
	=7.4-update61
	=7.4-update62
	=7.4-update63
	=7.4-update64
	=7.4-update65
	=7.4-update66
	=7.4-update67
	=7.4-update68
	=7.4-update69
	=7.4-update7
	=7.4-update70
	=7.4-update71
	=7.4-update72
	=7.4-update73
	=7.4-update74
	=7.4-update75
	=7.4-update76
	=7.4-update77
	=7.4-update78
	=7.4-update79
	=7.4-update8
	=7.4-update80
	=7.4-update81
	=7.4-update82
	=7.4-update83
	=7.4-update84
	=7.4-update85
	=7.4-update86
	=7.4-update87
	=7.4-update88
	=7.4-update89
	=7.4-update9
	=7.4-update90
	=7.4-update91
	=7.4-update92
	>=7.3.2<=7.3.7
	>=7.4.0<7.4.3.108

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26272?
CVE-2024-26272 is classified as a high-severity vulnerability due to its potential impact on user accounts.
How do I fix CVE-2024-26272?
To fix CVE-2024-26272, update Liferay Portal to versions 7.4.3.108 or higher, or 7.3.7 or higher.
What types of attacks does CVE-2024-26272 allow?
CVE-2024-26272 allows remote attackers to perform cross-site request forgery attacks that can change user passwords and other sensitive data.
Which versions of Liferay are affected by CVE-2024-26272?
CVE-2024-26272 affects Liferay Portal versions 7.3.2 to 7.4.3.107 and Liferay DXP versions up to 2023.Q4.2.
What is the nature of the vulnerability described in CVE-2024-26272?
CVE-2024-26272 is a cross-site request forgery (CSRF) vulnerability specifically within the content page editor of Liferay Portal.

agent/weakness
agent/first-publish-date
agent/type
agent/description
agent/author
agent/severity
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/github-advisory-latest
source/GitHub
alias/GHSA-p63m-vmjr-wg37
alias/CVE-2024-26272
agent/source
agent/references
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-cve
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/2023.q3.1
version/liferay 7.4 ga/2023.q4.0
version/liferay 7.4 ga/7.3
version/liferay 7.4 ga/7.3-fix_pack_1
version/liferay 7.4 ga/7.3-fix_pack_2
version/liferay 7.4 ga/7.3-service_pack_1
version/liferay 7.4 ga/7.3-service_pack_3
version/liferay 7.4 ga/7.3-update10
version/liferay 7.4 ga/7.3-update11
version/liferay 7.4 ga/7.3-update12
version/liferay 7.4 ga/7.3-update13
version/liferay 7.4 ga/7.3-update14
version/liferay 7.4 ga/7.3-update15
version/liferay 7.4 ga/7.3-update16
version/liferay 7.4 ga/7.3-update17
version/liferay 7.4 ga/7.3-update18
version/liferay 7.4 ga/7.3-update19
version/liferay 7.4 ga/7.3-update20
version/liferay 7.4 ga/7.3-update21
version/liferay 7.4 ga/7.3-update22
version/liferay 7.4 ga/7.3-update23
version/liferay 7.4 ga/7.3-update24
version/liferay 7.4 ga/7.3-update25
version/liferay 7.4 ga/7.3-update26
version/liferay 7.4 ga/7.3-update27
version/liferay 7.4 ga/7.3-update28
version/liferay 7.4 ga/7.3-update29
version/liferay 7.4 ga/7.3-update30
version/liferay 7.4 ga/7.3-update31
version/liferay 7.4 ga/7.3-update32
version/liferay 7.4 ga/7.3-update33
version/liferay 7.4 ga/7.3-update34
version/liferay 7.4 ga/7.3-update35
version/liferay 7.4 ga/7.3-update4
version/liferay 7.4 ga/7.3-update5
version/liferay 7.4 ga/7.3-update6
version/liferay 7.4 ga/7.3-update7
version/liferay 7.4 ga/7.3-update8
version/liferay 7.4 ga/7.3-update9
version/liferay 7.4 ga/7.4
version/liferay 7.4 ga/7.4-update1
version/liferay 7.4 ga/7.4-update10
version/liferay 7.4 ga/7.4-update11
version/liferay 7.4 ga/7.4-update12
version/liferay 7.4 ga/7.4-update13
version/liferay 7.4 ga/7.4-update14
version/liferay 7.4 ga/7.4-update15
version/liferay 7.4 ga/7.4-update16
version/liferay 7.4 ga/7.4-update17
version/liferay 7.4 ga/7.4-update18
version/liferay 7.4 ga/7.4-update19
version/liferay 7.4 ga/7.4-update2
version/liferay 7.4 ga/7.4-update20
version/liferay 7.4 ga/7.4-update21
version/liferay 7.4 ga/7.4-update22
version/liferay 7.4 ga/7.4-update23
version/liferay 7.4 ga/7.4-update24
version/liferay 7.4 ga/7.4-update25
version/liferay 7.4 ga/7.4-update26
version/liferay 7.4 ga/7.4-update27
version/liferay 7.4 ga/7.4-update28
version/liferay 7.4 ga/7.4-update29
version/liferay 7.4 ga/7.4-update3
version/liferay 7.4 ga/7.4-update30
version/liferay 7.4 ga/7.4-update31
version/liferay 7.4 ga/7.4-update32
version/liferay 7.4 ga/7.4-update33
version/liferay 7.4 ga/7.4-update34
version/liferay 7.4 ga/7.4-update35
version/liferay 7.4 ga/7.4-update36
version/liferay 7.4 ga/7.4-update37
version/liferay 7.4 ga/7.4-update38
version/liferay 7.4 ga/7.4-update39
version/liferay 7.4 ga/7.4-update4
version/liferay 7.4 ga/7.4-update40
version/liferay 7.4 ga/7.4-update41
version/liferay 7.4 ga/7.4-update42
version/liferay 7.4 ga/7.4-update43
version/liferay 7.4 ga/7.4-update44
version/liferay 7.4 ga/7.4-update45
version/liferay 7.4 ga/7.4-update46
version/liferay 7.4 ga/7.4-update47
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update49
version/liferay 7.4 ga/7.4-update5
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update51
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update53
version/liferay 7.4 ga/7.4-update54
version/liferay 7.4 ga/7.4-update55
version/liferay 7.4 ga/7.4-update56
version/liferay 7.4 ga/7.4-update57
version/liferay 7.4 ga/7.4-update58
version/liferay 7.4 ga/7.4-update59
version/liferay 7.4 ga/7.4-update6
version/liferay 7.4 ga/7.4-update60
version/liferay 7.4 ga/7.4-update61
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update63
version/liferay 7.4 ga/7.4-update64
version/liferay 7.4 ga/7.4-update65
version/liferay 7.4 ga/7.4-update66
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update68
version/liferay 7.4 ga/7.4-update69
version/liferay 7.4 ga/7.4-update7
version/liferay 7.4 ga/7.4-update70
version/liferay 7.4 ga/7.4-update71
version/liferay 7.4 ga/7.4-update72
version/liferay 7.4 ga/7.4-update73
version/liferay 7.4 ga/7.4-update74
version/liferay 7.4 ga/7.4-update75
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update77
version/liferay 7.4 ga/7.4-update78
version/liferay 7.4 ga/7.4-update79
version/liferay 7.4 ga/7.4-update8
version/liferay 7.4 ga/7.4-update80
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4-update86
version/liferay 7.4 ga/7.4-update87
version/liferay 7.4 ga/7.4-update88
version/liferay 7.4 ga/7.4-update89
version/liferay 7.4 ga/7.4-update9
version/liferay 7.4 ga/7.4-update90
version/liferay 7.4 ga/7.4-update91
version/liferay 7.4 ga/7.4-update92
version/liferay 7.4 ga/7.3.2
version/liferay 7.4 ga/7.3.7
version/liferay 7.4 ga/7.4.0
package-manager/maven