Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
-
CVE-2021-33327
-
4.3
-
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
-
95
-
19
-
8
Description
The portlet configuration module in Liferay DXP 7.0 service pack 93+, 7.1 service pack 18+ and 7.2 does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. This issue is due to an incomplete fix in LPE-16341.