CVE-2023-33948

2023-05-24T16:15:00

Description

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.

Affected Software

CPE Name	Name	Version
liferay:liferay_portal	liferay liferay portal	7.4.3.67
liferay:digital_experience_platform	liferay digital experience platform	7.4

{"id": "CVE-2023-33948", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2023-33948", "description": "The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.", "published": "2023-05-24T16:15:00", "modified": "2023-06-01T16:59:00", "epss": [{"cve": "CVE-2023-33948", "epss": 0.00095, "percentile": 0.39111, "modified": "2023-07-23"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33948", "reporter": "security@liferay.com", "references": ["https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33948"], "cvelist": ["CVE-2023-33948"], "immutableFields": [], "lastseen": "2023-07-24T06:23:50", "viewCount": 18, "enchantments": {"score": {"value": 6.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "github", "idList": ["GHSA-W6F8-MXF5-4VF8"]}, {"type": "nessus", "idList": ["LIFERAY_7_4_3_68_CVE-2023-33948.NASL"]}, {"type": "osv", "idList": ["OSV:GHSA-W6F8-MXF5-4VF8"]}, {"type": "veracode", "idList": ["VERACODE:40892"]}]}, "vulnersScore": 6.9}, "_state": {"score": 1690180362, "dependencies": 1690179999}, "_internal": {"score_hash": "1104dbf46030a26078d3662c16258361"}, "cna_cvss": {"cna": "Liferay", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "score": 5.3}}}, "cpe": ["cpe:/a:liferay:digital_experience_platform:7.4", "cpe:/a:liferay:liferay_portal:7.4.3.67"], "cpe23": ["cpe:2.3:a:liferay:liferay_portal:7.4.3.67:*:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*"], "cwe": ["CWE-862"], "affectedSoftware": [{"cpeName": "liferay:liferay_portal", "version": "7.4.3.67", "operator": "eq", "name": "liferay liferay portal"}, {"cpeName": "liferay:digital_experience_platform", "version": "7.4", "operator": "eq", "name": "liferay digital experience platform"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:liferay:liferay_portal:7.4.3.67:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33948", "name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33948", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Liferay", "product": "Portal"}, {"vendor": "Liferay", "product": "DXP"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2023-05-24T00:00:00"}

{"github": [{"lastseen": "2023-07-24T08:16:23", "description": "The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-24T18:30:26", "type": "github", "title": "Missing authorization in Liferay portal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33948"], "modified": "2023-06-03T00:10:14", "id": "GHSA-W6F8-MXF5-4VF8", "href": "https://github.com/advisories/GHSA-w6f8-mxf5-4vf8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "veracode": [{"lastseen": "2023-07-24T08:02:24", "description": "com.liferay.dynamic.data.mapping.form is vulnerable to Missing Authorization. The vulnerability exists in the dynamic data mapping because it does not limit the document and Media files which can be downloaded from a form, allowing an attacker to download any file from Document and Media via a maliciously crafted URL.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-14T04:10:17", "type": "veracode", "title": "Missing Authorization", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33948"], "modified": "2023-06-14T18:48:44", "id": "VERACODE:40892", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-40892/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-08-15T14:39:19", "description": "The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-24T16:15:00", "type": "prion", "title": "CVE-2023-33948", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33948"], "modified": "2023-06-01T16:59:00", "id": "PRION:CVE-2023-33948", "href": "https://kb.prio-n.com/vulnerability/CVE-2023-33948", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-07-12T13:03:01", "description": "The Dynamic Data Mapping module in Liferay Portal and Liferay DXP does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-29T00:00:00", "type": "nessus", "title": "Liferay Portal 7.4.3.67 < 7.4.3.68 Authentication Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-33948"], "modified": "2023-06-22T00:00:00", "cpe": ["cpe:/a:liferay:liferay_portal"], "id": "LIFERAY_7_4_3_68_CVE-2023-33948.NASL", "href": "https://www.tenable.com/plugins/nessus/176450", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176450);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/22\");\n\n script_cve_id(\"CVE-2023-33948\");\n script_xref(name:\"IAVA\", value:\"2023-A-0267-S\");\n\n script_name(english:\"Liferay Portal 7.4.3.67 < 7.4.3.68 Authentication Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on a remote web server host is affected by a authentication bypass vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dynamic Data Mapping module in Liferay Portal and Liferay DXP does not limit Document and Media files which can be \ndownloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33948\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca60e0a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Liferay Portal 7.4.3.68 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-33948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:liferay:liferay_portal\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"liferay_detect.nasl\");\n script_require_keys(\"installed_sw/liferay_portal\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar port = get_http_port(default:8080);\nvar app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);\n\nvar constraints = [ {'min_version': '7.4.3.67', 'fixed_version': '7.4.3.68'} ];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-06-03T00:21:28", "description": "The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-24T18:30:26", "type": "osv", "title": "Missing authorization in Liferay portal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33948"], "modified": "2023-06-03T00:10:13", "id": "OSV:GHSA-W6F8-MXF5-4VF8", "href": "https://osv.dev/vulnerability/GHSA-w6f8-mxf5-4vf8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}

CVE-2023-33948

Description

Affected Software

Related