CVE-2021-20306
Summary
| CVE | CVE-2021-20306 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-01 14:15:00 UTC |
| Updated | 2022-08-05 15:19:00 UTC |
| Description | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Descision Manager | 7 | All | All | All |
| Application | Redhat | Descision Manager | 7.0 | All | All | All |
| Application | Redhat | Jbpm | 7.51.0 | All | All | All |
| Application | Redhat | Process Automation | 7 | All | All | All |
| Application | Redhat | Process Automation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1946213 – (CVE-2021-20306) CVE-2021-20306 Business-central: Ruleflow Groups from other projects displayed on BPMN editor despite user having no access to those projects | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |