GHSA-jhcf-j4hg-v64r

Source

https://github.com/advisories/GHSA-jhcf-j4hg-v64r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jhcf-j4hg-v64r/GHSA-jhcf-j4hg-v64r.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-jhcf-j4hg-v64r

Aliases

CVE-2019-18981

Published

2022-05-24T17:01:23Z

Modified

2023-11-01T04:50:47.364652Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Pimcore Access Control Issues

Details

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

Database specific

{
    "github_reviewed_at": "2023-07-18T22:06:54Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-838"
    ],
    "nvd_published_at": "2019-11-15T05:15:00Z"
}

References

Affected packages

Packagist / pimcore/pimcore

Package

Name: pimcore/pimcore
Purl: pkg:composer/pimcore/pimcore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.2

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

v5.*

v5.0.0-RC

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0-alpha

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.8.8

v5.8.9

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1