CVE-2023-44308: Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page

February 20, 2024 (updated July 29, 2025)

Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter.

References

github.com/advisories/GHSA-3mrr-cw9q-727m
github.com/liferay/liferay-portal
liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44308
nvd.nist.gov/vuln/detail/CVE-2023-44308

Code Behaviors & Features

Detect and mitigate CVE-2023-44308 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →