High severity 8.8 · NVD Advisory · Published Feb 20, 2024 · Updated Apr 15, 2026
CVE-2021-29050
Description
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay.portal:com.liferay.portal.impl (Maven) | < 5.25.0 | 5.25.0 |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.2.0, < 7.2.10.fp11 | 7.2.10.fp11 |
Patches
f2723cb2e8da LPS-127977 match portal-web/docroot/html/portal/update_reminder_query.jsp
1 file changed · +1 −1
portal-web/docroot/html/portal/terms_of_use.jsp+1 −1 modified@@ -44,9 +44,9 @@ TermsOfUseContentProvider termsOfUseContentProvider = TermsOfUseContentProviderU </div> <aui:form action='<%= themeDisplay.getPathMain() + "/portal/update_terms_of_use" %>' name="fm"> + <aui:input name="p_auth" type="hidden" value="<%= AuthTokenUtil.getToken(request) %>" /> <aui:input name="doAsUserId" type="hidden" value="<%= themeDisplay.getDoAsUserId() %>" /> <aui:input name="<%= WebKeys.REFERER %>" type="hidden" value="<%= referer %>" /> - <aui:input name="p_auth" type="hidden" value="<%= AuthTokenUtil.getToken(request) %>" /> <div class="sheet-text"> <c:choose>
1295dcd8173a LPS-127977 Add p_auth token check to Terms of Use page
3 files changed · +6 −0
portal-impl/src/com/liferay/portal/action/UpdateTermsOfUseAction.java+4 −0 modified@@ -14,6 +14,7 @@ package com.liferay.portal.action; +import com.liferay.portal.kernel.security.auth.AuthTokenUtil; import com.liferay.portal.kernel.service.UserServiceUtil; import com.liferay.portal.kernel.util.PortalUtil; import com.liferay.portal.struts.Action; @@ -35,6 +36,9 @@ public ActionForward execute( HttpServletResponse httpServletResponse) throws Exception { + AuthTokenUtil.checkCSRFToken( + httpServletRequest, UpdateTermsOfUseAction.class.getName()); + UserServiceUtil.updateAgreedToTermsOfUse( PortalUtil.getUserId(httpServletRequest), true);
portal-impl/src/portal.properties+1 −0 modified@@ -3955,6 +3955,7 @@ #auth.token.ignore.origins=\ # com.liferay.portal.action.JSONServiceAction:com.liferay.portlet.expando.service.ExpandoValueServiceUtil#getJSONData,\ # com.liferay.portal.action.LoginAction,\ + # com.liferay.portal.action.UpdateTermsOfUseAction,\ # com.liferay.portal.jsonwebservice.JSONWebServiceServiceAction:/classname/,\ # com.liferay.portal.jsonwebservice.JSONWebServiceServiceAction:/user/get-user-by-email-address,\ # com.liferay.portlet.asset.action.GetCategoriesAction,\
portal-web/docroot/html/portal/terms_of_use.jsp+1 −0 modified@@ -46,6 +46,7 @@ TermsOfUseContentProvider termsOfUseContentProvider = TermsOfUseContentProviderU <aui:form action='<%= themeDisplay.getPathMain() + "/portal/update_terms_of_use" %>' name="fm"> <aui:input name="doAsUserId" type="hidden" value="<%= themeDisplay.getDoAsUserId() %>" /> <aui:input name="<%= WebKeys.REFERER %>" type="hidden" value="<%= referer %>" /> + <aui:input name="p_auth" type="hidden" value="<%= AuthTokenUtil.getToken(request) %>" /> <div class="sheet-text"> <c:choose>
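Review bot: In the `UpdateTermsOfUseAction.java` hunk the new `AuthTokenUtil.checkCSRFToken(httpServletRequest, UpdateTermsOfUseAction.class.getName())` call sits before `UserServiceUtil.updateAgreedToTermsOfUse(...)`, which is the right order: a request without a valid `p_auth` must never reach the state change. The hunk does not show the failure path, so confirm that `checkCSRFToken` throws (rather than returning a status that could be ignored) so that the `throws Exception` signature on `execute` actually short-circuits the update, and add a one-line comment above the call naming the origin string it registers, since that same class name is what operators would list under `auth.token.ignore.origins`.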
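Review bot: The `portal.properties` hunk only adds `# com.liferay.portal.action.UpdateTermsOfUseAction,\` to the commented-out example list under `#auth.token.ignore.origins=\`, so it changes documentation, not behaviour; the commit message should say so, and should note that this entry matches the origin passed to `checkCSRFToken` (`UpdateTermsOfUseAction.class.getName()`), because an operator who uncomments it disables exactly the check this patch introduces.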
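Review bot: Across the two `terms_of_use.jsp` hunks the hidden `p_auth` input (`AuthTokenUtil.getToken(request)`) is first added after the `WebKeys.REFERER` input and then moved above `doAsUserId` to match `update_reminder_query.jsp`; the move is cosmetic, but since the form posts to `themeDisplay.getPathMain() + "/portal/update_terms_of_use"` and that action now requires the token, any other caller of that path which does not render this form will start failing, and the change description should call that out.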
References
- github.com/advisories/GHSA-mh9r-9pcx-rx55 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-29050 (NVD advisory)
- github.com/liferay/liferay-portal/commit/1295dcd8173ac820e501d0e9b3bf1da97ea8b7d4 (fix commit)
- github.com/liferay/liferay-portal/commit/f2723cb2e8dacfbd140ff5f255bb7d21a11c476d (fix commit)
- liferay.atlassian.net/browse/LPE-17207 (issue tracker)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29050 (vendor advisory)