CVE-2021-33331
Summary
| CVE | CVE-2021-33331 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-03 21:15:00 UTC |
| Updated | 2021-08-11 15:49:00 UTC |
| Description | Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter. |
Risk And Classification
Problem Types: CWE-601
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Liferay | Dxp | 7.0 | - | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_24 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_25 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_26 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_27 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_28 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_30 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_33 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_35 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_36 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_39 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_3\+ | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_40 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_41 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_42 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_43 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_44 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_45 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_46 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_47 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_48 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_49 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_50 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_51 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_52 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_53 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_54 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_56 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_57 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_58 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_59 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_60 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_61 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_64 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_65 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_66 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_67 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_68 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_69 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_70 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_71 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_72 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_73 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_75 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_76 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_78 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_79 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_80 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_81 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_82 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_83 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_84 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_85 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_86 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_87 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_88 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_89 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_90 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_91 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_92 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_93 | All | All |
| Application | Liferay | Dxp | 7.1 | - | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_10 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_11 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_12 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_15 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_16 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_17 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_18 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_5 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_6 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_7 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_8 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_9 | All | All |
| Application | Liferay | Dxp | 7.2 | - | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_5 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_6 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_7 | All | All |
| Application | Liferay | Liferay Portal | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [LPE-17022] Open redirect vulnerability in Workflow notifications - Liferay Issues | CONFIRM | issues.liferay.com | |
| CVE-2021-33331 Open redirect vulnerability in notifications | CONFIRM | portal.liferay.dev | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.