GHSA-ph63-chvv-8x46
Suggest an improvement- Source
- https://github.com/advisories/GHSA-ph63-chvv-8x46
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-ph63-chvv-8x46/GHSA-ph63-chvv-8x46.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-ph63-chvv-8x46
- Aliases
- Published
- 2025-09-23T00:32:03Z
- Modified
- 2025-09-23T16:12:31.291683Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Liferay Portal and DXP audit events record password reminder answers
- Details
-
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password reminder answer, which allows remote authenticated users to obtain a user’s password reminder answer via the audit events.
- Database specific
{ "nvd_published_at": "2025-09-22T23:15:37Z", "severity": "MODERATE", "github_reviewed_at": "2025-09-23T15:10:59Z", "cwe_ids": [ "CWE-201" ], "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-43814
- https://github.com/liferay/liferay-portal/commit/6d0f123c838b96fd71fb97f422366ffa43391121
- https://github.com/liferay/liferay-portal/commit/76c9c38f21614bf0dca877057b13f6a449c041e8
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-17937
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43814
Affected packages
Maven / com.liferay:com.liferay.portal.security.audit.event.generators.user.management
Package
- Name
- com.liferay:com.liferay.portal.security.audit.event.generators.user.management
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.portal.security.audit.event.generators.user.management
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.0.13
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12