Lucene search
GitHub Advisory DatabaseGHSA-V7PX-46V9-5QWPHistoryMar 25, 2024 - 7:43 p.m.
Storefront user can access history and most viewed data from matching back-office user with the same ID
2024-03-2519:43:06
CWE-200
GitHub Advisory Database
github.com
5
storefront
back-office
user id
navigation
json
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0
Percentile
9.0%
Impact
Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user.
Affected configurations
Node
orocustomer-portalRange5.1.0–5.1.3
ORorocustomer-portalRange5.0.0–5.0.11
ORorocustomer-portalRange4.2.0–4.2.10
ORorocustomer-portalRange4.1.0–4.1.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oro | customer-portal | * | cpe:2.3:a:oro:customer-portal:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-48296
2024-03-25 19:15:57
osv
osv
Storefront user can access history and most viewed data from matching back-office user with the same ID
2024-03-25 19:43:06
CVE-2023-48296
2024-03-25 19:15:57
cve
cve
CVE-2023-48296
2024-03-25 19:15:57
veracode
veracode
Information Disclosure
2024-03-29 08:26:51
cvelist
cvelist
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for GHSA-V7PX-46V9-5QWP