Description
OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks.
References
Packages
Name: oro/calendar-bundle (composer)
Affected versions: >= 4.2.0, <= 4.2.6
Fix version: None
Name: oro/calendar-bundle (composer)
Affected versions: >= 5.0.0, <= 5.0.6
Fix version: 5.0.7
Name: oro/calendar-bundle (composer)
Affected versions: >= 5.1.0, < 5.1.1
Fix version: 5.1.1
Related vulnerabilities
CVSS3: 5
nvd
about 2 years ago
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.