Moderate severity · NVD Advisory · Published Feb 20, 2024 · Updated Aug 16, 2024

CVE-2024-26270

Description

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| com.liferay.portal:release.portal.bom (Maven) | >= 7.4.3.76, < 7.4.3.100 | 7.4.3.100 |
| com.liferay.portal:release.dxp.bom (Maven) | >= 2023.Q3, < 2023.Q3.5 | 2023.Q3.5 |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.4.0, <= 7.4.13.u92 | |
