CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

Improper Authentication

org.apache.ozone ozone-main is vulnerable to Improper Authentication. The vulnerability is due to improper verification for the identity of a user accessing the Storage Container Manager service. This flaw allows an attackers to download internal metadata without the need for proper authenticatio...