Description
Bonitasoft Runtime Community edition contains an insecure direct object references (IDOR) vulnerability
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes an IDOR vulnerability. Dynamic permissions existed only in the Subscription edition and have now been restored in the Community edition, where they are not customizable.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-28087
- https://github.com/bonitasoft/bonita-engine/commit/1b3ac00f0178bfcfe8f01811a249b1893f0b1da1
- https://documentation.bonitasoft.com/bonita/2024.1/release-notes#_fixes_in_bonita_2024_1_u0_2024_04_11
- https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_2024_1_2024_04_11
Packages
Name
org.bonitasoft.engine:bonita-server
maven
Affected versions: < 10.1.0.W11
Fixed version: 10.1.0.W11
Related vulnerabilities
CVSS3: 6.5
nvd
more than 1 year ago
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes an IDOR vulnerability. Dynamic permissions existed only in the Subscription edition and have now been restored in the Community edition, where they are not customizable.