[LPE-17022] Open redirect vulnerability in Workflow notifications - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE
Component/s: Security Vulnerability, Workflow > My Workflow Tasks
Labels:

CVE IDs:
CVE-2021-33331
CVSS Base Score:
6.1
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.0 Fix Pack Version:
94
7.1 Fix Pack Version:
19
7.2 Fix Pack Version:
8

Description

Open redirect vulnerability in the notifications module in Liferay DXP 7.0, 7.1 and 7.2 allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Daniel Couso

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/May/20 1:47 AM

Updated:: 02/Aug/21 12:10 AM

Resolved:: 01/Sep/20 4:29 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE