critical
9.6
CWE
352 79
EPSS
0.046%
Advisory Published
Updated

CVE-2024-8980: CSRF

First published: Tue Oct 22 2024(Updated: )

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.

Credit: security@liferay.com

Affected SoftwareAffected VersionHow to fix
Liferay DXP>=6.2<=7.2
Liferay DXP>=2023.q3.1<2023.q3.5
Liferay DXP=7.3
Liferay DXP=7.3-fix_pack_1
Liferay DXP=7.3-fix_pack_2
Liferay DXP=7.3-service_pack_1
Liferay DXP=7.3-service_pack_3
Liferay DXP=7.3-update10
Liferay DXP=7.3-update11
Liferay DXP=7.3-update12
Liferay DXP=7.3-update13
Liferay DXP=7.3-update14
Liferay DXP=7.3-update15
Liferay DXP=7.3-update16
Liferay DXP=7.3-update17
Liferay DXP=7.3-update18
Liferay DXP=7.3-update19
Liferay DXP=7.3-update20
Liferay DXP=7.3-update21
Liferay DXP=7.3-update22
Liferay DXP=7.3-update23
Liferay DXP=7.3-update24
Liferay DXP=7.3-update25
Liferay DXP=7.3-update26
Liferay DXP=7.3-update27
Liferay DXP=7.3-update28
Liferay DXP=7.3-update29
Liferay DXP=7.3-update30
Liferay DXP=7.3-update31
Liferay DXP=7.3-update32
Liferay DXP=7.3-update33
Liferay DXP=7.3-update34
Liferay DXP=7.3-update35
Liferay DXP=7.3-update4
Liferay DXP=7.3-update5
Liferay DXP=7.3-update6
Liferay DXP=7.3-update7
Liferay DXP=7.3-update8
Liferay DXP=7.3-update9
Liferay DXP=7.4
Liferay DXP=7.4-update1
Liferay DXP=7.4-update10
Liferay DXP=7.4-update11
Liferay DXP=7.4-update12
Liferay DXP=7.4-update13
Liferay DXP=7.4-update14
Liferay DXP=7.4-update15
Liferay DXP=7.4-update16
Liferay DXP=7.4-update17
Liferay DXP=7.4-update18
Liferay DXP=7.4-update19
Liferay DXP=7.4-update2
Liferay DXP=7.4-update20
Liferay DXP=7.4-update21
Liferay DXP=7.4-update22
Liferay DXP=7.4-update23
Liferay DXP=7.4-update24
Liferay DXP=7.4-update25
Liferay DXP=7.4-update26
Liferay DXP=7.4-update27
Liferay DXP=7.4-update28
Liferay DXP=7.4-update29
Liferay DXP=7.4-update3
Liferay DXP=7.4-update30
Liferay DXP=7.4-update31
Liferay DXP=7.4-update32
Liferay DXP=7.4-update33
Liferay DXP=7.4-update34
Liferay DXP=7.4-update35
Liferay DXP=7.4-update36
Liferay DXP=7.4-update37
Liferay DXP=7.4-update38
Liferay DXP=7.4-update39
Liferay DXP=7.4-update4
Liferay DXP=7.4-update40
Liferay DXP=7.4-update41
Liferay DXP=7.4-update42
Liferay DXP=7.4-update43
Liferay DXP=7.4-update44
Liferay DXP=7.4-update45
Liferay DXP=7.4-update46
Liferay DXP=7.4-update47
Liferay DXP=7.4-update48
Liferay DXP=7.4-update49
Liferay DXP=7.4-update5
Liferay DXP=7.4-update50
Liferay DXP=7.4-update51
Liferay DXP=7.4-update52
Liferay DXP=7.4-update53
Liferay DXP=7.4-update54
Liferay DXP=7.4-update55
Liferay DXP=7.4-update56
Liferay DXP=7.4-update57
Liferay DXP=7.4-update58
Liferay DXP=7.4-update59
Liferay DXP=7.4-update6
Liferay DXP=7.4-update60
Liferay DXP=7.4-update61
Liferay DXP=7.4-update62
Liferay DXP=7.4-update63
Liferay DXP=7.4-update64
Liferay DXP=7.4-update65
Liferay DXP=7.4-update66
Liferay DXP=7.4-update67
Liferay DXP=7.4-update68
Liferay DXP=7.4-update69
Liferay DXP=7.4-update7
Liferay DXP=7.4-update70
Liferay DXP=7.4-update71
Liferay DXP=7.4-update72
Liferay DXP=7.4-update73
Liferay DXP=7.4-update74
Liferay DXP=7.4-update75
Liferay DXP=7.4-update76
Liferay DXP=7.4-update77
Liferay DXP=7.4-update78
Liferay DXP=7.4-update79
Liferay DXP=7.4-update8
Liferay DXP=7.4-update80
Liferay DXP=7.4-update81
Liferay DXP=7.4-update82
Liferay DXP=7.4-update83
Liferay DXP=7.4-update84
Liferay DXP=7.4-update85
Liferay DXP=7.4-update86
Liferay DXP=7.4-update87
Liferay DXP=7.4-update88
Liferay DXP=7.4-update89
Liferay DXP=7.4-update9
Liferay DXP=7.4-update90
Liferay DXP=7.4-update91
Liferay DXP=7.4-update92
Liferay 7.4 GA>=7.0.0<7.0.6
Liferay 7.4 GA>=7.1.0<7.1.3
Liferay 7.4 GA>=7.2.0<=7.2.1
Liferay 7.4 GA>=7.3.0<=7.3.7
Liferay 7.4 GA>=7.4.0<7.4.3.102

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-8980?

    CVE-2024-8980 has been classified as a medium severity vulnerability.

  • How do I fix CVE-2024-8980?

    To fix CVE-2024-8980, update your Liferay DXP or Liferay Portal to a patched version that addresses this vulnerability.

  • What versions are affected by CVE-2024-8980?

    CVE-2024-8980 affects Liferay Portal versions from 7.0.0 through 7.4.3.101 and various versions of Liferay DXP.

  • What kind of impact does CVE-2024-8980 have?

    CVE-2024-8980 can potentially allow an attacker to exploit the Script Console for unauthorized access to sensitive data.

  • Is CVE-2024-8980 being actively exploited?

    As of now, there is no public information indicating that CVE-2024-8980 is actively being exploited in the wild.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203