[LPE-17032] Users can see Workflow Submissions from other users - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE
Component/s: Workflow > My Submissions, Workflow > My Workflow Tasks
Labels:

CVSS Base Score:
6.3
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.0 Fix Pack Version:
93
7.1 Fix Pack Version:
19
7.2 Fix Pack Version:
6

Description

The portal workflow module in Liferay DXP 7.0, 7.1 and 7.2 does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Daniel Couso

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Jun/20 4:31 AM

Updated:: 15/Sep/20 2:36 AM

Resolved:: 14/Jul/20 2:54 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE