[LPE-17007] LSV-720: Flagging content as inappropriate is not rate limited - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE
Component/s: Page Flags widget, Security Vulnerability
Labels:

CVE IDs:
CVE-2021-33320
CVSS Base Score:
5.0
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
7.0 Fix Pack Version:
96
7.1 Fix Pack Version:
20
7.2 Fix Pack Version:
5

Description

The flags module in Liferay DXP 7.0, 7.1 and 7.2 does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Apr/20 12:34 PM

Updated:: 02/Aug/21 12:24 AM

Resolved:: 14/Jul/20 5:35 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE