GHSA-76v2-48w6-crxr

Suggest an improvement
Source
https://github.com/advisories/GHSA-76v2-48w6-crxr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-76v2-48w6-crxr/GHSA-76v2-48w6-crxr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-76v2-48w6-crxr
Aliases
  • CVE-2024-28087
Published
2024-05-15T18:30:35Z
Modified
2024-09-05T18:42:11.078048Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Details

In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.

Database specific
{
    "nvd_published_at": "2024-05-15T17:15:10Z",
    "cwe_ids": [
        "CWE-284",
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T19:48:34Z"
}
References

Affected packages

Maven / org.bonitasoft.engine:bonita-server

Package

Name
org.bonitasoft.engine:bonita-server
View open source insights on deps.dev
Purl
pkg:maven/org.bonitasoft.engine/bonita-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.0.W11

Affected versions

6.*

6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.1.2
7.1.3
7.1.4
7.1.5
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.3.0
7.3.1
7.3.2
7.3.3
7.4.0
7.4.1
7.4.2
7.4.3
7.5.0.beta-02
7.5.0
7.5.1
7.5.2
7.5.4
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.10.0
7.10.1
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.11.4
7.12.1
7.13.0
7.14.0
7.15.0

8.*

8.0.0

9.*

9.0.0

10.*

10.0.0
10.1.0