CVE-2024-25149

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 20, 2024

CWE ID 863

Summary

CVE-2024-25149 is a vulnerability affecting Liferay Portal 7.2.0 through 7.4.1 and older unsupported versions, as well as Liferay DXP 7.3 before service pack 3 and older unsupported versions. This issue arises from the application's failure to adequately restrict membership of child sites when the "Limit membership to members of the parent site" option is enabled. Consequently, remote authenticated users can add unauthorized users to a child site, potentially granting them permission to perform unauthorized actions within that site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ua1jtV
https://www.cve.org/CVERecord?id=CVE-2024-25149
https://nvd.nist.gov/vuln/detail/CVE-2024-25149

Back to Vulnerability Database

CVE-2024-25149

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations