Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17032

Users can see Workflow Submissions from other users

Details

    • CVE-2021-33333
    • 6.3
    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    • 93
    • 19
    • 6

    Description

      The portal workflow module in Liferay DXP 7.0, 7.1 and 7.2 does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

      Attachments

        Activity

          People

            support-ee EE Support
            daniel.couso Daniel Couso
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE