CVE-2021-20306 - AskarLabs CVE Database

CVE-2021-20306

Vendor N/A

Product Business-central

Weakness CWE-863 · Incorrect authorization

Published June 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.

Key dates

02Disclosure timeline

June 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-20306 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler CVE-2026-32914 OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints CVE-2024-0199 Incorrect Authorization in GitLab CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API CVE-2021-1143 Cisco Connected Mobile Experiences User Enumeration Vulnerability