CVE-2023-32063: Incorrect call view page visibility

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1.


Moderate

dkhrysev published GHSA-897w-jv7j-6r7g

Nov 27, 2023

Package

oro/crm-call-bundle (Composer)

Affected versions

>=4.2.0, <=4.2.5 || >=5.0.0, <=5.0.3 || >=5.1.0, <5.1.1

Patched versions

5.1.1, 5.0.4

Description

Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks.

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
