Bug 1946213 (CVE-2021-20306)
Summary: | CVE-2021-20306 Business-central: Ruleflow Groups from other projects displayed on BPMN editor despite user having no access to those projects | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Paramvir jindal <pjindal> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | akoufoud, alazarot, anstephe, ibek, kverlaen, mnovotny, pjindal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | --- |
Doc Text: | A flaw was found in the BPMN editor. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. |
Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1939122 |
Description
Paramvir jindal
2021-04-05 12:03:31 UTC
Acknowledgments: Name: Ben Brown