Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17075

Unauthorized users can view the Guest and User roles

Details

    • CVE-2021-33327
    • 4.3
    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    • 95
    • 19
    • 8

    Description

      The portlet configuration module in Liferay DXP 7.0 service pack 93+, 7.1 service pack 18+ and 7.2 does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. This issue is due to an incomplete fix in LPE-16341.

      Attachments

        Activity

          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE