PT-2021-13880 · Jbpm · Jbpm
Paramvir Jindal · Published 2021-06-01 · Updated 2022-08-05 · CVE-2021-20306
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
jBPM version 7.51.0.Final
Description:
A flaw in the BPMN editor allows any authenticated user to see the names of Ruleflow Groups from other projects, despite not having access to those projects. This poses a threat to confidentiality.
Recommendations:
For version 7.51.0.Final, consider restricting access to the BPMN editor to minimize the risk of unauthorized users viewing Ruleflow Group names from other projects. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Incorrect Authorization
Affected Products:
Jbpm