CVE Vulnerabilities

CVE-2021-20306

Published: Jun 01, 2021 | Modified: Aug 05, 2022
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
3.1 LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.

Affected Software

Name Vendor Start Version End Version
Descision_manager Redhat 7.0 (including) 7.0 (including)
Jbpm Redhat 7.51.0 (including) 7.51.0 (including)
Process_automation Redhat 7.0 (including) 7.0 (including)

References