CVE-2023-32064

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32064

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32064.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-32064

Aliases

GHSA-8gwj-68w6-7v6c

Published

2023-11-28T04:15:07Z

Modified

2024-06-06T14:22:08.548336Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.

References

https://github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c

Affected packages

Git / github.com/oroinc/orocommerce

Affected ranges

Type: GIT
Repo: https://github.com/oroinc/orocommerce
Events: Introduced

c2cd64739319fe0c592a64a94c727ed3a091b999

Fixed

4257b3c999a99ed751cc6a839a87ac994d2d7f70

Affected versions

5.*

5.0.0

5.0.1

5.0.10

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9