Liferay Portal 7.4.3.4 < 7.4.3.49 Authentication Bypass

2023-05-2900:00:00

www.tenable.com

The Object module in Liferay Portal and Liferay DXP does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176453);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/22");

  script_cve_id("CVE-2023-33946");
  script_xref(name:"IAVA", value:"2023-A-0267-S");

  script_name(english:"Liferay Portal 7.4.3.4 < 7.4.3.49 Authentication Bypass");

  script_set_attribute(attribute:"synopsis", value:
"An application running on a remote web server host is affected by a authentication bypass vulnerability");
  script_set_attribute(attribute:"description", value:
"The Object module in Liferay Portal and Liferay DXP does properly isolate objects in difference virtual instances, 
which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via 
OAuth 2 scope administration page.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39039758");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Liferay Portal 7.4.3.49 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33946");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:liferay:liferay_portal");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("liferay_detect.nasl");
  script_require_keys("installed_sw/liferay_portal");
  script_require_ports("Services/www", 8080);

  exit(0);
}
include('http.inc');
include('vcf.inc');

var port = get_http_port(default:8080);
var app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);

var constraints = [ {'min_version' : '7.4.3.4', 'fixed_version': '7.4.3.49'} ];

vcf::check_version_and_report(
  app_info:app_info, 
  constraints:constraints, 
  severity:SECURITY_WARNING
);

VendorProductVersionCPE
liferayliferay_portalcpe:/a:liferay:liferay_portal

Vendor	Product	Version	CPE
liferay	liferay_portal		cpe:/a:liferay:liferay_portal

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33946

www.nessus.org/u?39039758

JSON

Related for LIFERAY_7_4_3_49_CVE-2023-33946.NASL