Liferay Portal 7.0.0 <= 7.0.6 / 7.1.0 <= 7.1.3 / 7.2.0 <= 7.2.1 / 7.3.0 < 7.3.1 Insufficient Verification

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176409);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/22");

  script_cve_id("CVE-2023-33949");
  script_xref(name:"IAVA", value:"2023-A-0267-S");

  script_name(english:"Liferay Portal 7.0.0 <= 7.0.6 / 7.1.0 <= 7.1.3 / 7.2.0 <= 7.2.1 / 7.3.0 < 7.3.1 Insufficient Verification");

  script_set_attribute(attribute:"synopsis", value:
"An application running on a remote web server host is affected by an insufficient verification vulnerability.");
  script_set_attribute(attribute:"description", value:
"In Liferay Portal the default configuration does not require users to verify their email address, which allows remote
attackers to create accounts using fake email addresses or email addresses which they don't control. The portal 
property 'company.security.strangers.verify' should be set to true.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949?_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_assetEntryId=121810730&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_assetEntryId%3D121810730%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?96852cb3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Liferay Portal 7.3.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33949");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:liferay:liferay_portal");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("liferay_detect.nasl");
  script_require_keys("installed_sw/liferay_portal");
  script_require_ports("Services/www", 8080);

  exit(0);
}
include('http.inc');
include('vcf.inc');

var port = get_http_port(default:8080);
var app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);

var constraints = [
  { 'min_version':'7.0.0', 'max_version':'7.0.6', 'fixed_display':'7.3.1' },
  { 'min_version':'7.1.0', 'max_version':'7.1.3', 'fixed_display':'7.3.1' },
  { 'min_version':'7.2.0', 'max_version':'7.2.1', 'fixed_display':'7.3.1' },
  { 'min_version':'7.3.0', 'fixed_version':'7.3.1' }
];

vcf::check_version_and_report(
  app_info:app_info, 
  constraints:constraints,
  severity:SECURITY_HOLE 
);