CVE-2021-29050

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Liferay Portal allows attackers to trick authenticated users into accepting terms of use without their consent by visiting a malicious webpage. It affects Liferay Portal before 7.3.6, Liferay DXP 7.3 before service pack 1, and Liferay DXP 7.2 before fix pack 11. Attackers can exploit this via social engineering to manipulate user agreements.

💻 Affected Systems

Products:
  • Liferay Portal
  • Liferay DXP
Versions: Liferay Portal before 7.3.6, Liferay DXP 7.3 before service pack 1, Liferay DXP 7.2 before fix pack 11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the terms of use page specifically. Requires user authentication and social engineering.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could force all users to accept modified terms of use, potentially binding them to unfavorable legal agreements or enabling further account manipulation.

🟠

Likely Case

Users are tricked into accepting standard terms of use without realizing it, compromising consent mechanisms and potentially violating compliance requirements.

🟢

If Mitigated

With proper CSRF protections, users would be prompted for confirmation before any terms acceptance, preventing unauthorized changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated users to visit malicious pages. CSRF attacks are well-understood and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Liferay Portal 7.3.6, Liferay DXP 7.3 service pack 1, Liferay DXP 7.2 fix pack 11

Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29050

Restart Required: Yes

Instructions:

  1. Download the appropriate patch version from Liferay's customer portal.
  2. Back up your current installation.
  3. Apply the patch following Liferay's upgrade documentation.
  4. Restart the application server.

🔧 Temporary Workarounds

Implement CSRF Tokens (Platform: all)

Add CSRF protection tokens to the terms of use form to validate legitimate requests.

Modify the terms of use JSP to include a CSRF token: <portlet:namespace />csrfToken

Disable Terms of Use Page (Platform: all)

Temporarily disable the vulnerable terms of use functionality if it is not required.

Set terms.of.use.enabled=false in portal-ext.properties

🧯 If You Can't Patch

  • Implement web application firewall rules to block CSRF patterns
  • Educate users about phishing risks and require manual terms acceptance verification

🔍 How to Verify

Check if Vulnerable:

Check Liferay version via Control Panel → Configuration → Server Administration → System Information

Check Version:

Check portal.properties for liferay.version or use Control Panel interface

Verify Fix Applied:

Verify that the installed version is patched, then test the terms of use page with CSRF testing tools such as OWASP ZAP

📡 Detection & Monitoring

Log Indicators:

  • Multiple terms acceptance requests from same user in short timeframe
  • Terms acceptance without corresponding page view

Network Indicators:

  • POST requests to /terms-of-use without Referer header validation
  • Cross-origin requests to terms endpoints

SIEM Query:

source="liferay.log" AND (uri="/terms-of-use" OR action="acceptTerms") AND NOT referer="*liferay*"
