GHSA-qm43-g2xj-hvg5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qm43-g2xj-hvg5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-qm43-g2xj-hvg5/GHSA-qm43-g2xj-hvg5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qm43-g2xj-hvg5
- Aliases
- Published
- 2024-02-20T15:31:05Z
- Modified
- 2025-07-29T13:57:23.026802Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Liferay Portal and Liferay DXP User Enumeration Vulnerability
- Details
-
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
- Database specific
{ "nvd_published_at": "2024-02-20T14:15:09Z", "cwe_ids": [ "CWE-203" ], "github_reviewed_at": "2025-07-29T13:05:12Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-26268
- https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93
- https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8
- https://github.com/liferay/liferay-portal
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268
Affected packages
Maven
com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom
Affected versions
7.*
7.2.0
7.2.1
7.2.1-1
7.3.0
7.3.0-1
7.3.1
7.3.1-1
7.3.2
7.3.2-1
7.3.3
7.3.3-1
7.3.4
7.3.5
7.3.6
7.3.7
7.4.0
7.4.1
7.4.1-1
7.4.2
7.4.2-1
7.4.3.4
7.4.3.5
7.4.3.6
7.4.3.7
7.4.3.8
7.4.3.9
7.4.3.10
7.4.3.11
7.4.3.12
7.4.3.13
7.4.3.14
7.4.3.15
7.4.3.16
7.4.3.17
7.4.3.18
7.4.3.19
7.4.3.20
7.4.3.20-ga20
7.4.3.21
7.4.3.21-ga21
7.4.3.22
7.4.3.23
7.4.3.24
7.4.3.25
7.4.3.26
7.4.3.27
com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.2.10.fp20
Affected versions
7.*
7.0.10.fp60
7.0.10.fp61
7.0.10.fp62
7.0.10.fp63
7.0.10.fp64
7.0.10.fp65
7.0.10.fp66
7.0.10.fp67
7.0.10.fp68
7.0.10.fp69
7.0.10.fp70
7.0.10.fp71
7.0.10.fp72
7.0.10.fp73
7.0.10.fp74
7.0.10.fp75
7.0.10.fp76
7.0.10.fp77
7.0.10.fp78
7.0.10.fp79
7.0.10.fp80
7.0.10.fp81
7.0.10.fp82
7.0.10.fp83
7.0.10.fp84
7.0.10.fp85
7.0.10.fp85-1
7.0.10.fp86
7.0.10.fp86-1
7.0.10.fp87
7.0.10.fp87-1
7.0.10.fp88
7.0.10.fp89
7.0.10.fp90
7.0.10.fp91
7.0.10.fp92
7.0.10.fp94
7.0.10.fp94-1
7.0.10.fp95
7.0.10.fp95-1
7.0.10.fp95-2
7.0.10.fp97
7.0.10.fp98
7.0.10.fp100
7.0.10.fp101
7.0.10.fp102
7.0.10.7
7.0.10.8
7.0.10.9
7.0.10.14
7.0.10.14-1
7.0.10.16
7.0.10.17
7.1.10
7.1.10.fp1
7.1.10.fp2
7.1.10.fp3
7.1.10.fp4
7.1.10.fp5
7.1.10.fp6
7.1.10.fp7
7.1.10.fp8
7.1.10.fp9
7.1.10.fp10
7.1.10.fp11
7.1.10.fp12
7.1.10.fp13
7.1.10.fp14
7.1.10.fp15
7.1.10.fp16
7.1.10.fp17
7.1.10.fp18
7.1.10.fp19
7.1.10.fp20
7.1.10.fp22
7.1.10.fp24
7.1.10.fp25
7.1.10.fp26
7.1.10.fp27
7.1.10.fp28
7.1.10.1
7.1.10.3
7.1.10.4
7.1.10.5
7.1.10.6
7.1.10.7
7.1.10.8
7.2.1
7.2.10
7.2.10.fp1
7.2.10.fp1-1
7.2.10.fp2
7.2.10.fp3
7.2.10.fp4
7.2.10.fp5
7.2.10.fp6
7.2.10.fp7
7.2.10.fp8
7.2.10.fp9
7.2.10.fp10
7.2.10.fp11
7.2.10.fp12
7.2.10.fp13
7.2.10.fp14
7.2.10.fp15
7.2.10.fp16
7.2.10.fp17
7.2.10.fp18
7.2.10.fp19
com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom
com.liferay.portal:release.dxp.bom
Package
- Name
- com.liferay.portal:release.dxp.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.dxp.bom