Description
Liferay Portal and Liferay DXP allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.
Severity
5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N)
Affected Version(s)
- Liferay Portal 7.4.0 through 7.4.3.132
- Liferay DXP 2025.Q1.0 through 2025.Q1.4
- Liferay DXP 2024.Q4.0 through 2024.Q4.7
- Liferay DXP 2024.Q3.1 through 2024.Q3.13
- Liferay DXP 2024.Q2.0 throguh 2024.Q2.13
- Liferay DXP 2024.Q1.1 through 2024.Q1.15
- Liferay DXP 7.4 GA through update 92
Fixed Version(s)
- Liferay Portal fixed on master branch
- Liferay DXP 2025.Q2.0
- Liferay DXP 2025.Q1.5
- Liferay DXP 2024.Q1.16
Acknowledgments
This issue was reported by Shubham Shah - CTO @ Assetnote and Adam Kues - Security Researcher @ Assetnote
Publication date: Fri, 04 Apr 2025 16:24:00 +0000