10 matches found
EUVD-2023-2919
Malicious code in bioql PyPI...
CVE-2023-32063
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1...
CVE-2023-32063
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1...
Security feature bypass
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1...
CVE-2023-32063
The CVE-2023-32063 issue affects OroCalendarBundle (used with Oro CRM/Oro applications) where back-office users can access information from any call event due to insufficient ACL checks. Root cause: security checks in the ACL layer were not properly enforced, enabling information disclosure. Impa...
CVE-2023-32063 OroCRMCallBundle has incorrect call view page visibility
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1...
GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...
PT-2023-23577 · Oro · Orocalendarbundle
Name of the Vulnerable Software and Affected Versions: OroCalendarBundle versions prior to 5.0.4; OroCalendarBundle versions prior to 5.1.1
Description: The issue allows back-office users to access information from any call event, bypassing ACL security restrictions due to insufficient security...