CVE-2023-32062

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32062

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32062.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-32062

Aliases

GHSA-x2xm-p6vq-482g

Published

2023-11-27T22:15:07Z

Modified

2024-09-03T04:31:12.277771Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

References

Affected packages

Git / github.com/oroinc/orocalendarbundle

Affected ranges

Type: GIT
Repo: https://github.com/oroinc/orocalendarbundle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

460a8ffb63b10c76f2fa26d53512164851c4909b

Fixed

5f4734aa02088191c1c1d90ac0909f48610fe531

Type: GIT
Repo: https://github.com/oroinc/platform
Events: Introduced

a98b3aa020dae96d8191a0cdfa94ad009ad41a3e

Fixed

1d1e5f67803da3d82a56e5a910f9c887d1946e77

Affected versions

3.*

3.1.0-beta

3.1.0-rc

4.*

4.1.0-rc4

4.2.0-alpha.2

5.*

5.0.0

5.0.0-alpha.1

5.0.0-rc

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.1.0

5.1.0-alpha.1