Unauthorized users can view forms and form entries

Affects versions

Fix versions

7.0.X EE

7.1.X EE

7.2.X EE

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

None

7.4 Fix Pack Version

None

CVE IDs

CVE-2021-33334

CVSS Base Score

4.3

CVSS Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Labels

liferay-dxp-70-sp15liferay-fixpack-de-94-7010liferay-fixpack-dxp-19-7110liferay-fixpack-dxp-6-7210lsvlsv-706sev-3

Description

Forms in Liferay DXP 7.0, 7.1 and 7.2 does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms in the site and the form entries via the forms section in site administration.

Activity

Show:

Resize issue view side panel

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
EE Support
Reporter
Enterprise Release HU
Priority
Low
Components

Zendesk Support

Created June 9, 2020 at 10:49 AM

Updated August 2, 2021 at 12:15 AM

Resolved June 29, 2020 at 3:45 AM

Unauthorized users can view forms and form entries

Affects versions

Fix versions

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

Activity

DetailsAssigneeEE SupportEE SupportReporterEnterprise Release HUEnterprise Release HUPriorityLowComponents

Details

Assignee

Reporter

Priority

Components

Zendesk SupportLinked Tickets

Zendesk Support

Details
Assignee
EE Support
Reporter
Enterprise Release HU
Priority
Low
Components

Zendesk Support