CVE-2023-45824

Published: Mar 25, 2024Modified: Mar 10, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

Affected (1)

Products: Oroinc: Oroplatform

Oroinc

1 product

Oroplatform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oroinc Oroplatform	From 4.2.0 to 5.1.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd

Source: security-advisories@github.com

Product

https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3

Source: security-advisories@github.com

PatchVendor Advisory

https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.