CVE-2024-29197 Pimcore Preview Documents are not restricted to logged in users anymore

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcorepreview=true allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer...

CVE-2024-29197

CVE-2024-29197 affects Pimcore (Open Source Data & Experience Management Platform). The issue allows viewing unpublished sites when the query parameter ?pimcore_preview=true is used, due to previews no longer being properly access-controlled. This could let an unauthenticated user access potentia...