CVE-2023-47798

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-47798

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47798.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-47798

Aliases

GHSA-2mx7-xvfg-fg53

Published

2024-02-08T03:15:07.367Z

Modified

2026-04-10T05:04:31.314603Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type

GIT

Repo

https://github.com/liferay/liferay-portal

Events

Introduced

Last affected

ded0e9390637985231e962e4ad4cfa4639eabb26

Introduced

Fixed

b072f5df5544a28677824835b490ce8a867bf133

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.2-fix_pack_1"
        },
        {
            "introduced": "7.2.0"
        },
        {
            "fixed": "7.3.0"
        }
    ]
}

Affected versions

6.*

6.1.0-b1

6.1.0-b2

6.1.0-b3

6.1.0-b4

6.1.0-rc1

6.2.0-b1

6.2.0-b2

6.2.0-m2

6.2.0-m3

6.2.0-m4

6.2.0-m5

6.2.0-m6

7.*

7.0.0-m1

7.0.0-m2

7.0.0-m3

7.0.0-m4

7.0.0-m5

7.1.0-a1

7.1.0-a2

7.1.0-b1

7.1.0-b2

7.1.0-m1

7.1.0-m2

7.2.0-a1

7.2.0-b1

7.2.0-b2

7.2.0-b3

7.2.0-ga1

7.2.0-m2

7.2.0-rc2

7.2.0-rc3

7.2.1-ga2

sync-3.*

sync-3.0.0-b1

sync-3.0.1-b2

sync-3.0.10-ga2

sync-3.0.2-b3

sync-3.0.3-b4

sync-3.0.4-b5

sync-3.0.5-b6

sync-3.0.6-b7

sync-3.0.7-b8

sync-3.0.8-b9

sync-3.0.9-ga1

sync-3.1.0-ga1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "7.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2-fix_pack_2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2-fix_pack_3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.2-fix_pack_4"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47798.json"