CVE-2023-32063

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32063

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32063.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-32063

Aliases

GHSA-897w-jv7j-6r7g

Published

2023-11-28T04:15:07Z

Modified

2024-06-06T14:21:56.334773Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.

References

Affected packages

Git / github.com/oroinc/crm

Affected ranges

Type: GIT
Repo: https://github.com/oroinc/crm
Events: Introduced

ca602fbd33d82aab0eb43e7a02b4295a258ea3d6

Fixed

53cfde202f80485c9aa8871998032dfbaeddc340

Type: GIT
Repo: https://github.com/oroinc/orocrmcallbundle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

456b1dda7762abf4ff59eafffaa70ab7f09d1c85

Fixed

9a41dff459bb4aff864175ca883d553ac0954950

Affected versions

3.*

3.1.0

3.1.0-beta

3.1.0-rc

4.*

4.0.0-rc

4.1.0-rc4

4.2.0-alpha.2

4.2.0-alpha.3

4.2.0-beta

4.2.0-rc

5.*

5.0.0

5.0.0-alpha.1

5.0.0-alpha.2

5.0.0-rc

5.0.1

5.0.2

5.0.3

5.1.0

5.1.0-alpha.1

5.1.0-alpha.2

5.1.0-beta.1

5.1.0-beta.2

5.1.0-rc.1