CVE-2023-32062

Published: Nov 27, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

5.0

MEDIUM

Description

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

Vendor	Product	Versions
oroinc	crm	affected `>= 4.2.0, <= 4.2.6` affected `>= 5.0.0, <= 5.0.6` affected `>= 5.1.0, < 5.1.1`

Weaknesses (CWE)

CWE-284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g

x_refsource_CONFIRM

https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b

x_refsource_MISC

https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-32062

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References