PT-2023-23577 · Oro · Orocalendarbundle

Khrysev · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-32063

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OroCalendarBundle versions prior to 5.0.4
OroCalendarBundle versions prior to 5.1.1

Description

The issue allows back-office users to access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This is related to the Calendar feature and functionality in Oro applications.

Recommendations

For OroCalendarBundle versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue.
For OroCalendarBundle versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2023-32063
GHSA-897W-JV7J-6R7G

Affected Products

Orocalendarbundle