GHSA-82j7-2h3j-hc7f

Source

https://github.com/advisories/GHSA-82j7-2h3j-hc7f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-82j7-2h3j-hc7f/GHSA-82j7-2h3j-hc7f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-82j7-2h3j-hc7f

Aliases

CVE-2021-29041

Published

2022-05-24T19:02:32Z

Modified

2025-05-14T08:27:07.862242Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module

Details

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "nvd_published_at": "2021-05-16T16:15:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "github_reviewed_at": "2025-05-14T07:43:49Z"
}

References

Affected packages

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.10.fp1

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

7.0.10.fp100

7.0.10.fp101

7.0.10.fp102

7.0.10.7

7.0.10.8

7.0.10.9

7.0.10.14

7.0.10.14-1

7.0.10.16

7.0.10.17

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

7.1.10.fp20

7.1.10.fp22

7.1.10.fp24

7.1.10.fp25

7.1.10.fp26

7.1.10.fp27

7.1.10.fp28

7.1.10.1

7.1.10.3

7.1.10.4

7.1.10.5

7.1.10.6

7.1.10.7

7.1.10.8

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8

7.2.10.fp9

7.2.10.fp10

7.2.10.fp11

7.2.10.fp12

7.2.10.fp13

7.2.10.fp14

7.2.10.fp15

7.2.10.fp16

7.2.10.fp17

7.2.10.fp18

7.2.10.fp19

7.2.10.fp20

7.2.10.1

7.2.10.2

7.2.10.3

7.2.10.3-1

7.2.10.4

7.2.10.4-1

7.2.10.5

7.2.10.5-1

7.2.10.6

7.2.10.7

7.2.10.8

7.3.10

7.3.10.ep3

7.3.10.ep4

7.3.10.ep5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-82j7-2h3j-hc7f/GHSA-82j7-2h3j-hc7f.json"