Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17049

Unauthenticated form drafts are visible to everybody

Details

    • 3
    • CVE-2021-33323
    • 4.3
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
    • 19
    • 7

    Description

      Forms in Liferay DXP 7.1 and 7.2 autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

      Attachments

        Activity

          People

            support-ee EE Support
            tibor.lipusz Tibor Lipusz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.1.x EE
                7.2.X EE