GHSA-jp3m-vh3g-6ggp

Source

https://github.com/advisories/GHSA-jp3m-vh3g-6ggp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jp3m-vh3g-6ggp/GHSA-jp3m-vh3g-6ggp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jp3m-vh3g-6ggp

Aliases

Published

2022-03-04T00:00:22Z

Modified

2025-07-14T21:12:12.344130Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Liferay Portal and Liferay DXP fails to properly import users from LDAP

Details

Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [],
    "nvd_published_at": "2022-03-02T23:15:00Z",
    "severity": "HIGH",
    "github_reviewed_at": "2025-07-14T20:52:18Z"
}

References

Affected packages

Maven / com.liferay:com.liferay.portal.security.ldap.impl

Package

Name: com.liferay:com.liferay.portal.security.ldap.impl; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.portal.security.ldap.impl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.19

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.40

1.0.41

1.0.42

1.0.43

1.0.44

1.0.45

1.0.46

1.0.47

1.0.48

1.0.49

1.0.50

1.0.51

1.0.52

1.0.53

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.0-ga1

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

7.0.10.fp100

7.0.10.fp101

7.0.10.fp102

7.0.10.7

7.0.10.8

7.0.10.9

7.0.10.14

7.0.10.14-1

7.0.10.16

7.0.10.17

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

7.1.10.fp20

7.1.10.fp22

7.1.10.fp24

7.1.10.fp25

7.1.10.fp26

7.1.10.fp27

7.1.10.fp28

7.1.10.1

7.1.10.3

7.1.10.4

7.1.10.5

7.1.10.6

7.1.10.7

7.1.10.8

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8

7.2.10.fp9

7.2.10.fp10

7.2.10.fp11

7.2.10.fp12

7.2.10.fp13

7.2.10.fp14

7.2.10.fp15

7.2.10.fp16

7.2.10.fp17

7.2.10.fp18

7.2.10.fp19

7.2.10.fp20

7.2.10.1

7.2.10.2

7.2.10.3

7.2.10.3-1

7.2.10.4

7.2.10.4-1

7.2.10.5

7.2.10.5-1

7.2.10.6

7.2.10.7

7.2.10.8