CVE-2023-45824

EUVD-2024-1018
OroPlatform is a PHP Business Application Platform (BAP).  A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_MCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
oroincoroplatform
4.2.0 ≤
𝑥
< 5.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3