Lucene search
PRIOn knowledge basePRION:CVE-2021-33330HistoryAug 03, 2021 - 7:15 p.m.
Cross site request forgery (csrf)
2021-08-0319:15:00
PRIOn knowledge base
www.prio-n.com
4
Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted userβs email address and current CSRF token.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.2 fixpack2 | |
| dxp | eq | 7.2 fixpack3 | |
| dxp | eq | 7.2 fixpack4 | |
| dxp | eq | 7.2 fixpack5 | |
| dxp | eq | 7.2 fixpack1 | |
| dxp | eq | 7.2 | |
| dxp | eq | 7.2 fixpack6 | |
| dxp | eq | 7.2 fixpack7 | |
| dxp | eq | 7.2 fixpack8 | |
| liferay_portal | ge | 7.2.0 |
Related
osv
osv
Exposure of Resource to Wrong Sphere in Liferay Portal
2022-05-24 22:28:20
CVE-2021-33330
2021-08-03 19:15:08
nvd
nvd
CVE-2021-33330
2021-08-03 19:15:08
cnvd
cnvd
Liferay Portal and Liferay DXP have unspecified vulnerabilities
2021-08-05 00:00:00
cve
cve
CVE-2021-33330
2021-08-03 19:15:08
github
github
Exposure of Resource to Wrong Sphere in Liferay Portal
2022-05-24 22:28:20
cvelist
cvelist
CVE-2021-33330
2021-08-03 18:50:43