{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.0-fix_pack_93"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.0-fix_pack_94"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.1-fix_pack_18"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-NA"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_2"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_3"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_4"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_5"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_6"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_7"
              }
            ]
          }
        ]
      },
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "7.2-fix_pack_1"
              },
              {
                "introduced": "7.2.0"
              },
              {
                "fixed": "7.3.4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "ded0e9390637985231e962e4ad4cfa4639eabb26"
            },
            {
              "introduced": "0"
            },
            {
              "fixed": "6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb"
            }
          ],
          "repo": "https://github.com/liferay/liferay-portal",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if \"Role Visibility\" is enabled.",
  "id": "CVE-2021-33327",
  "modified": "2026-04-01T23:10:20.813262362Z",
  "published": "2021-08-03T19:15:08.787Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747840"
    },
    {
      "type": "FIX",
      "url": "https://issues.liferay.com/browse/LPE-17075"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}