CVE-2023-45824 MEDIUM

CVE-2023-45824: OroPlatform's pinned entity creation form shows pages of other users

Vendor Oroinc

Product platform

Weakness CWE-200 · Info exposure

Published March 25, 2024

Last update August 22, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

Key dates

02Disclosure timeline

March 25, 2024 CVE published

August 22, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45824 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2023-45824

CWE CWE-200

CVSS 4.3 / MEDIUM

Affected versions

Vendor Oroinc

Product platform

Affected >=4.2.0, <=4.2.10

Vendor Oroinc

Product platform

Affected >=5.0.0, <=5.0.12

Vendor Oroinc

Product platform

Affected >= 5.1.0, <= 5.1.3

CVE-2023-45824: OroPlatform's pinned entity creation form shows pages of other users

01Description

02Disclosure timeline

03References

04Related CVE