PT-2023-25293 · Pimcore · Pimcore/Customer-Data-Framework

Kingjia90 · Published 2023-07-10 · Updated 2023-07-19 · CVE-2023-3574

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

pimcore/customer-data-framework versions prior to 3.4.1

Description

The product performs authorization checks incorrectly, allowing an unauthorized actor to access resources or perform actions. This enables the attacker to view and freely add, modify, or delete rules.

Recommendations

For versions prior to 3.4.1, update to version 3.4.1 or apply the patch manually from https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch.

Exploit

Fix

Improper Authorization

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-3574
GHSA-VX35-F379-4Q49

Affected Products

Pimcore/Customer-Data-Framework