GHSA-g66v-3v62-g375
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g66v-3v62-g375
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-g66v-3v62-g375/GHSA-g66v-3v62-g375.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g66v-3v62-g375
- Aliases
- Published
- 2023-04-21T03:30:36Z
- Modified
- 2024-02-16T08:19:04.115508Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- RosarioSIS improper access control vulnerability
- Details
-
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button.
- Database specific
{ "nvd_published_at": "2023-04-21T02:15:07Z", "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-04-24T20:19:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-2202
- https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be
- https://github.com/francoisjacquet/rosariosis
- https://github.com/francoisjacquet/rosariosis/compare/v10.9.2...v10.9.3
- https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c
Affected packages
Packagist / francoisjacquet/rosariosis
Package
- Name
- francoisjacquet/rosariosis
- Purl
- pkg:composer/francoisjacquet/rosariosis
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.9.3
Affected versions
v5.*
v5.0-beta3
v5.0-beta4
v5.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.1-beta
v5.1
v5.1.1
v5.2-beta
v5.2
v5.3-beta
v5.3
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-beta
v5.4
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.5-beta
v5.5-beta2
v5.5-beta3
v5.5
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6-beta
v5.6
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.7
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.8-beta
v5.8-beta2
v5.8-beta3
v5.8-beta4
v5.8-beta5
v5.8
v5.8.1
v5.9-beta2
v5.9-beta3
v5.9
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v6.*
v6.0-beta
v6.0
v6.1
v6.2
v6.2.1
v6.2.2
v6.2.3
v6.3
v6.4
v6.4.1
v6.4.2
v6.5
v6.5.1
v6.5.2
v6.6
v6.6.1
v6.7
v6.7.1
v6.7.2
v6.8-beta
v6.8
v6.8.1
v6.9-beta
v6.9
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v7.*
v7.0-beta
v7.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.2
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.3
v7.3.1
v7.4
v7.5
v7.6
v7.6.1
v7.7
v7.8
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.9
v7.9.1
v7.9.2
v7.9.3
v8.*
v8.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1
v8.1.1
v8.2
v8.2.1
v8.3
v8.3.1
v8.4
v8.5
v8.5.1
v8.5.2
v8.6
v8.6.1
v8.7
v8.8
v8.9
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v8.9.5
v8.9.6
v9.*
v9.0
v9.1
v9.1.1
v9.2.2
v9.3
v9.3.1
v9.3.2
v10.*
v10.1
v10.2
v10.2.1
v10.2.2
v10.2.3
v10.3
v10.3.1
v10.3.2
v10.3.3
v10.4
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.5
v10.5.1
v10.5.2
v10.6
v10.6.1
v10.6.2
v10.6.3
v10.7
v10.7.1
v10.8
v10.8.1
v10.8.2
v10.8.3
v10.8.4
v10.8.5
v10.9
v10.9.1
v10.9.2