Lucene search

Veracode Vulnerability DatabaseVERACODE:44470

HistoryNov 29, 2023 - 9:18 a.m.

Information Disclosure

2023-11-2909:18:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

vulnerability

access control

customer

back-office

acl restrictions

software

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.0%

JSON

oro/customer-portal is vulnerable to Information Disclosure. An access control vulnerability allows back-office users to bypass access control (ACL) restrictions and access information about Customer and Customer User menus.

CPENameOperatorVersion
oro/customer-portalle5.1.0
oro/customer-portalle5.0.10
oro/customer-portalle5.1.0
oro/customer-portalle5.0.10

Name	Operator	Version
oro/customer-portal	le	5.1.0
oro/customer-portal	le	5.0.10
oro/customer-portal	le	5.1.0
oro/customer-portal	le	5.0.10

References

github.com/advisories/GHSA-8gwj-68w6-7v6c

github.com/oroinc/orocommerce/commit/6936754dbb228b3ab067431bb3d1d817d67736dd

github.com/oroinc/orocommerce/commit/dba5d5f79a8004b5a30c3c879309a80ee1a5dd9b

github.com/oroinc/orocommerce/security/advisories/GHSA-8gwj-68w6-7v6c

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for VERACODE:44470