CVE-2021-33327

MEDIUM Year: 2021
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.

Related Vulnerabilities

CVE-2012-1157

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

CWE-2762012

CVE-2013-4764

MEDIUM
CVSS:4.3(Medium)

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

CWE-2762013

CVE-2017-9505

MEDIUM
CVSS:4.3(Medium)

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Conflu...

CWE-2762017

CVE-2019-10465

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh...

CWE-2762019

CVE-2019-10473

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CWE-2762019

CVE-2019-10474

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.

CWE-2762019