CVE-2023-45824

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OroPlatform versions prior to 5.1.4

Description A logged in user can access page state data of pinned pages of other users by pageId hash. This issue allows unauthorized access to sensitive information.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the PagestateController to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-45824

GHSA-VXQ2-P937-3PX3

Affected Products

Oroplatform

CVE-2023-45824

Weakness Enumeration

Related Identifiers

Affected Products

References · 11