CVE-2023-45824

OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3

Configurations

No configuration.

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd -~~	() https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd -
References	~~() https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3 -~~	() https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3 -

26 Mar 2024, 12:55

Type	Values Removed	Values Added
Summary		(es) OroPlatform es una plataforma de aplicaciones empresariales (BAP) PHP. Un usuario que ha iniciado sesión puede acceder a los datos del estado de la página de las páginas fijadas de otros usuarios mediante el hash de ID de página. Esta vulnerabilidad se soluciona en 5.1.4.

25 Mar 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-25 19:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45824

Mitre link : CVE-2023-45824

CVE.ORG link : CVE-2023-45824

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10