CVE-2023-45824
OroPlatform's pinned entity creation form shows pages of other users
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
OroPlatform es una plataforma de aplicaciones empresariales (BAP) PHP. Un usuario que ha iniciado sesión puede acceder a los datos del estado de la página de las páginas fijadas de otros usuarios mediante el hash de ID de página. Esta vulnerabilidad se soluciona en 5.1.4.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-13 CVE Reserved
- 2024-03-25 CVE Published
- 2024-03-26 EPSS Updated
- 2024-08-22 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd | X_refsource_misc | |
| https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oroinc Search vendor "Oroinc" | Platform Search vendor "Oroinc" for product "Platform" | >= 4.2.0 <= 4.2.10 Search vendor "Oroinc" for product "Platform" and version " >= 4.2.0 <= 4.2.10" | en |
Affected
| ||||||
| Oroinc Search vendor "Oroinc" | Platform Search vendor "Oroinc" for product "Platform" | >= 5.0.0 <= 5.0.12 Search vendor "Oroinc" for product "Platform" and version " >= 5.0.0 <= 5.0.12" | en |
Affected
| ||||||
| Oroinc Search vendor "Oroinc" | Platform Search vendor "Oroinc" for product "Platform" | >= 5.1.0 <= 5.1.3 Search vendor "Oroinc" for product "Platform" and version " >= 5.1.0 <= 5.1.3" | en |
Affected
| ||||||