What is the severity of CVE-2024-8980?

CVE-2024-8980 has been classified as a medium severity vulnerability.

How do I fix CVE-2024-8980?

To fix CVE-2024-8980, update your Liferay DXP or Liferay Portal to a patched version that addresses this vulnerability.

What versions are affected by CVE-2024-8980?

CVE-2024-8980 affects Liferay Portal versions from 7.0.0 through 7.4.3.101 and various versions of Liferay DXP.

What kind of impact does CVE-2024-8980 have?

CVE-2024-8980 can potentially allow an attacker to exploit the Script Console for unauthorized access to sensitive data.

Is CVE-2024-8980 being actively exploited?

As of now, there is no public information indicating that CVE-2024-8980 is actively being exploited in the wild.

Vulnerability/
CVE-2024-8980

critical

9.6

CWE

352 79

EPSS

0.046%

22/10/2024

10/12/2024

CVE-2024-8980: CSRF

First published: Tue Oct 22 2024(Updated: )

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.

Credit: security@liferay.com

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	>=6.2<=7.2
Liferay 7.4 GA	>=2023.q3.1<2023.q3.5
Liferay 7.4 GA	=7.3
Liferay 7.4 GA	=7.3-fix_pack_1
Liferay 7.4 GA	=7.3-fix_pack_2
Liferay 7.4 GA	=7.3-service_pack_1
Liferay 7.4 GA	=7.3-service_pack_3
Liferay 7.4 GA	=7.3-update10
Liferay 7.4 GA	=7.3-update11
Liferay 7.4 GA	=7.3-update12
Liferay 7.4 GA	=7.3-update13
Liferay 7.4 GA	=7.3-update14
Liferay 7.4 GA	=7.3-update15
Liferay 7.4 GA	=7.3-update16
Liferay 7.4 GA	=7.3-update17
Liferay 7.4 GA	=7.3-update18
Liferay 7.4 GA	=7.3-update19
Liferay 7.4 GA	=7.3-update20
Liferay 7.4 GA	=7.3-update21
Liferay 7.4 GA	=7.3-update22
Liferay 7.4 GA	=7.3-update23
Liferay 7.4 GA	=7.3-update24
Liferay 7.4 GA	=7.3-update25
Liferay 7.4 GA	=7.3-update26
Liferay 7.4 GA	=7.3-update27
Liferay 7.4 GA	=7.3-update28
Liferay 7.4 GA	=7.3-update29
Liferay 7.4 GA	=7.3-update30
Liferay 7.4 GA	=7.3-update31
Liferay 7.4 GA	=7.3-update32
Liferay 7.4 GA	=7.3-update33
Liferay 7.4 GA	=7.3-update34
Liferay 7.4 GA	=7.3-update35
Liferay 7.4 GA	=7.3-update4
Liferay 7.4 GA	=7.3-update5
Liferay 7.4 GA	=7.3-update6
Liferay 7.4 GA	=7.3-update7
Liferay 7.4 GA	=7.3-update8
Liferay 7.4 GA	=7.3-update9
Liferay 7.4 GA	=7.4
Liferay 7.4 GA	=7.4-update1
Liferay 7.4 GA	=7.4-update10
Liferay 7.4 GA	=7.4-update11
Liferay 7.4 GA	=7.4-update12
Liferay 7.4 GA	=7.4-update13
Liferay 7.4 GA	=7.4-update14
Liferay 7.4 GA	=7.4-update15
Liferay 7.4 GA	=7.4-update16
Liferay 7.4 GA	=7.4-update17
Liferay 7.4 GA	=7.4-update18
Liferay 7.4 GA	=7.4-update19
Liferay 7.4 GA	=7.4-update2
Liferay 7.4 GA	=7.4-update20
Liferay 7.4 GA	=7.4-update21
Liferay 7.4 GA	=7.4-update22
Liferay 7.4 GA	=7.4-update23
Liferay 7.4 GA	=7.4-update24
Liferay 7.4 GA	=7.4-update25
Liferay 7.4 GA	=7.4-update26
Liferay 7.4 GA	=7.4-update27
Liferay 7.4 GA	=7.4-update28
Liferay 7.4 GA	=7.4-update29
Liferay 7.4 GA	=7.4-update3
Liferay 7.4 GA	=7.4-update30
Liferay 7.4 GA	=7.4-update31
Liferay 7.4 GA	=7.4-update32
Liferay 7.4 GA	=7.4-update33
Liferay 7.4 GA	=7.4-update34
Liferay 7.4 GA	=7.4-update35
Liferay 7.4 GA	=7.4-update36
Liferay 7.4 GA	=7.4-update37
Liferay 7.4 GA	=7.4-update38
Liferay 7.4 GA	=7.4-update39
Liferay 7.4 GA	=7.4-update4
Liferay 7.4 GA	=7.4-update40
Liferay 7.4 GA	=7.4-update41
Liferay 7.4 GA	=7.4-update42
Liferay 7.4 GA	=7.4-update43
Liferay 7.4 GA	=7.4-update44
Liferay 7.4 GA	=7.4-update45
Liferay 7.4 GA	=7.4-update46
Liferay 7.4 GA	=7.4-update47
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update49
Liferay 7.4 GA	=7.4-update5
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update51
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update53
Liferay 7.4 GA	=7.4-update54
Liferay 7.4 GA	=7.4-update55
Liferay 7.4 GA	=7.4-update56
Liferay 7.4 GA	=7.4-update57
Liferay 7.4 GA	=7.4-update58
Liferay 7.4 GA	=7.4-update59
Liferay 7.4 GA	=7.4-update6
Liferay 7.4 GA	=7.4-update60
Liferay 7.4 GA	=7.4-update61
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update63
Liferay 7.4 GA	=7.4-update64
Liferay 7.4 GA	=7.4-update65
Liferay 7.4 GA	=7.4-update66
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update68
Liferay 7.4 GA	=7.4-update69
Liferay 7.4 GA	=7.4-update7
Liferay 7.4 GA	=7.4-update70
Liferay 7.4 GA	=7.4-update71
Liferay 7.4 GA	=7.4-update72
Liferay 7.4 GA	=7.4-update73
Liferay 7.4 GA	=7.4-update74
Liferay 7.4 GA	=7.4-update75
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update77
Liferay 7.4 GA	=7.4-update78
Liferay 7.4 GA	=7.4-update79
Liferay 7.4 GA	=7.4-update8
Liferay 7.4 GA	=7.4-update80
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	=7.4-update86
Liferay 7.4 GA	=7.4-update87
Liferay 7.4 GA	=7.4-update88
Liferay 7.4 GA	=7.4-update89
Liferay 7.4 GA	=7.4-update9
Liferay 7.4 GA	=7.4-update90
Liferay 7.4 GA	=7.4-update91
Liferay 7.4 GA	=7.4-update92
Liferay 7.4 GA	>=7.0.0<7.0.6
Liferay 7.4 GA	>=7.1.0<7.1.3
Liferay 7.4 GA	>=7.2.0<=7.2.1
Liferay 7.4 GA	>=7.3.0<=7.3.7
Liferay 7.4 GA	>=7.4.0<7.4.3.102

Never miss a vulnerability like this again

Reference Links

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980

Frequently Asked Questions

What is the severity of CVE-2024-8980?
CVE-2024-8980 has been classified as a medium severity vulnerability.
How do I fix CVE-2024-8980?
To fix CVE-2024-8980, update your Liferay DXP or Liferay Portal to a patched version that addresses this vulnerability.
What versions are affected by CVE-2024-8980?
CVE-2024-8980 affects Liferay Portal versions from 7.0.0 through 7.4.3.101 and various versions of Liferay DXP.
What kind of impact does CVE-2024-8980 have?
CVE-2024-8980 can potentially allow an attacker to exploit the Script Console for unauthorized access to sensitive data.
Is CVE-2024-8980 being actively exploited?
As of now, there is no public information indicating that CVE-2024-8980 is actively being exploited in the wild.

agent/references
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/trending
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/6.2
version/liferay 7.4 ga/7.2
version/liferay 7.4 ga/2023.q3.1
version/liferay 7.4 ga/7.3
version/liferay 7.4 ga/7.3-fix_pack_1
version/liferay 7.4 ga/7.3-fix_pack_2
version/liferay 7.4 ga/7.3-service_pack_1
version/liferay 7.4 ga/7.3-service_pack_3
version/liferay 7.4 ga/7.3-update10
version/liferay 7.4 ga/7.3-update11
version/liferay 7.4 ga/7.3-update12
version/liferay 7.4 ga/7.3-update13
version/liferay 7.4 ga/7.3-update14
version/liferay 7.4 ga/7.3-update15
version/liferay 7.4 ga/7.3-update16
version/liferay 7.4 ga/7.3-update17
version/liferay 7.4 ga/7.3-update18
version/liferay 7.4 ga/7.3-update19
version/liferay 7.4 ga/7.3-update20
version/liferay 7.4 ga/7.3-update21
version/liferay 7.4 ga/7.3-update22
version/liferay 7.4 ga/7.3-update23
version/liferay 7.4 ga/7.3-update24
version/liferay 7.4 ga/7.3-update25
version/liferay 7.4 ga/7.3-update26
version/liferay 7.4 ga/7.3-update27
version/liferay 7.4 ga/7.3-update28
version/liferay 7.4 ga/7.3-update29
version/liferay 7.4 ga/7.3-update30
version/liferay 7.4 ga/7.3-update31
version/liferay 7.4 ga/7.3-update32
version/liferay 7.4 ga/7.3-update33
version/liferay 7.4 ga/7.3-update34
version/liferay 7.4 ga/7.3-update35
version/liferay 7.4 ga/7.3-update4
version/liferay 7.4 ga/7.3-update5
version/liferay 7.4 ga/7.3-update6
version/liferay 7.4 ga/7.3-update7
version/liferay 7.4 ga/7.3-update8
version/liferay 7.4 ga/7.3-update9
version/liferay 7.4 ga/7.4
version/liferay 7.4 ga/7.4-update1
version/liferay 7.4 ga/7.4-update10
version/liferay 7.4 ga/7.4-update11
version/liferay 7.4 ga/7.4-update12
version/liferay 7.4 ga/7.4-update13
version/liferay 7.4 ga/7.4-update14
version/liferay 7.4 ga/7.4-update15
version/liferay 7.4 ga/7.4-update16
version/liferay 7.4 ga/7.4-update17
version/liferay 7.4 ga/7.4-update18
version/liferay 7.4 ga/7.4-update19
version/liferay 7.4 ga/7.4-update2
version/liferay 7.4 ga/7.4-update20
version/liferay 7.4 ga/7.4-update21
version/liferay 7.4 ga/7.4-update22
version/liferay 7.4 ga/7.4-update23
version/liferay 7.4 ga/7.4-update24
version/liferay 7.4 ga/7.4-update25
version/liferay 7.4 ga/7.4-update26
version/liferay 7.4 ga/7.4-update27
version/liferay 7.4 ga/7.4-update28
version/liferay 7.4 ga/7.4-update29
version/liferay 7.4 ga/7.4-update3
version/liferay 7.4 ga/7.4-update30
version/liferay 7.4 ga/7.4-update31
version/liferay 7.4 ga/7.4-update32
version/liferay 7.4 ga/7.4-update33
version/liferay 7.4 ga/7.4-update34
version/liferay 7.4 ga/7.4-update35
version/liferay 7.4 ga/7.4-update36
version/liferay 7.4 ga/7.4-update37
version/liferay 7.4 ga/7.4-update38
version/liferay 7.4 ga/7.4-update39
version/liferay 7.4 ga/7.4-update4
version/liferay 7.4 ga/7.4-update40
version/liferay 7.4 ga/7.4-update41
version/liferay 7.4 ga/7.4-update42
version/liferay 7.4 ga/7.4-update43
version/liferay 7.4 ga/7.4-update44
version/liferay 7.4 ga/7.4-update45
version/liferay 7.4 ga/7.4-update46
version/liferay 7.4 ga/7.4-update47
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update49
version/liferay 7.4 ga/7.4-update5
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update51
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update53
version/liferay 7.4 ga/7.4-update54
version/liferay 7.4 ga/7.4-update55
version/liferay 7.4 ga/7.4-update56
version/liferay 7.4 ga/7.4-update57
version/liferay 7.4 ga/7.4-update58
version/liferay 7.4 ga/7.4-update59
version/liferay 7.4 ga/7.4-update6
version/liferay 7.4 ga/7.4-update60
version/liferay 7.4 ga/7.4-update61
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update63
version/liferay 7.4 ga/7.4-update64
version/liferay 7.4 ga/7.4-update65
version/liferay 7.4 ga/7.4-update66
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update68
version/liferay 7.4 ga/7.4-update69
version/liferay 7.4 ga/7.4-update7
version/liferay 7.4 ga/7.4-update70
version/liferay 7.4 ga/7.4-update71
version/liferay 7.4 ga/7.4-update72
version/liferay 7.4 ga/7.4-update73
version/liferay 7.4 ga/7.4-update74
version/liferay 7.4 ga/7.4-update75
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update77
version/liferay 7.4 ga/7.4-update78
version/liferay 7.4 ga/7.4-update79
version/liferay 7.4 ga/7.4-update8
version/liferay 7.4 ga/7.4-update80
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4-update86
version/liferay 7.4 ga/7.4-update87
version/liferay 7.4 ga/7.4-update88
version/liferay 7.4 ga/7.4-update89
version/liferay 7.4 ga/7.4-update9
version/liferay 7.4 ga/7.4-update90
version/liferay 7.4 ga/7.4-update91
version/liferay 7.4 ga/7.4-update92
version/liferay 7.4 ga/7.0.0
version/liferay 7.4 ga/7.1.0
version/liferay 7.4 ga/7.2.0
version/liferay 7.4 ga/7.2.1
version/liferay 7.4 ga/7.3.0
version/liferay 7.4 ga/7.3.7
version/liferay 7.4 ga/7.4.0