Vulnerability Name: CVE-2021-20306 (CCN-202811)
Assigned: 2020-12-17
Published: 2021-04-30
Updated: 2022-08-05
Summary: A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.
CVSS v3 Severity:
  4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
  3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)
  2.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2021-20306
  Source: CCN Type: BPMN Web site BPMN editor
  Source: CCN Type: Red Hat Bugzilla - Bug 1946213 (CVE-2021-20306) - CVE-2021-20306 Business-central: Ruleflow Groups from other projects displayed on BPMN editor despite user having no access to those projects
  Source: MISC Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1946213
  Source: XF Type: UNKNOWN bpmn-cve202120306-info-disc(202811)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable