GHSA-76v2-48w6-crxr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-76v2-48w6-crxr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-76v2-48w6-crxr/GHSA-76v2-48w6-crxr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-76v2-48w6-crxr
- Aliases
-
- CVE-2024-28087
- Published
- 2024-05-15T18:30:35Z
- Modified
- 2024-09-05T18:46:37.163267Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
- Details
-
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.
- Database specific
{ "nvd_published_at": "2024-05-15T17:15:10Z", "cwe_ids": [ "CWE-284", "CWE-639" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-15T19:48:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-28087
- https://github.com/bonitasoft/bonita-engine/commit/1b3ac00f0178bfcfe8f01811a249b1893f0b1da1
- https://documentation.bonitasoft.com/bonita/2024.1/release-notes#_fixes_in_bonita_2024_1_u0_2024_04_11
- https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_2024_1_2024_04_11
- https://github.com/bonitasoft/bonita-engine
Affected packages
Maven / org.bonitasoft.engine:bonita-server
Package
- Name
- org.bonitasoft.engine:bonita-server
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bonitasoft.engine/bonita-server
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.1.0.W11
Affected versions
6.*
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.1.2
7.1.3
7.1.4
7.1.5
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.3.0
7.3.1
7.3.2
7.3.3
7.4.0
7.4.1
7.4.2
7.4.3
7.5.0.beta-02
7.5.0
7.5.1
7.5.2
7.5.4
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.10.0
7.10.1
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.11.4
7.12.1
7.13.0
7.14.0
7.15.0
8.*
8.0.0
9.*
9.0.0
10.*
10.0.0
10.1.0