Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Storefront user can access history and most viewed data from matching back-office user with the same ID
Impact
Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user.
Permalink: https://github.com/advisories/GHSA-v7px-46v9-5qwpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-v7px-46v9-5qwp, CVE-2023-48296
References:
- https://github.com/oroinc/orocommerce/security/advisories/GHSA-v7px-46v9-5qwp
- https://github.com/oroinc/orocommerce/commit/41c526498012d44cd88852c63697f1ef53b61db8
- https://nvd.nist.gov/vuln/detail/CVE-2023-48296
- https://github.com/advisories/GHSA-v7px-46v9-5qwp
Blast Radius: 4.5
Affected Packages
packagist:oro/customer-portal
Dependent packages: 2Dependent repositories: 11
Downloads: 24,315 total
Affected Version Ranges: >= 5.1.0, <= 5.1.3, >= 5.0.0, <= 5.0.11, >= 4.2.0, <= 4.2.10, >= 4.1.0, <= 4.1.13
Fixed in: 5.1.4, , ,
All affected versions: 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.1.0, 5.1.1, 5.1.2, 5.1.3
All unaffected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.6.0, 2.6.1, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 4.0.0, 5.1.4, 5.1.5, 5.1.6, 6.0.0