GHSA-pmc7-hmmw-g96q

Source

https://github.com/advisories/GHSA-pmc7-hmmw-g96q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-pmc7-hmmw-g96q/GHSA-pmc7-hmmw-g96q.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-pmc7-hmmw-g96q

Aliases

CVE-2023-36238

Published

2024-03-13T21:31:02Z

Modified

2024-12-04T22:47:41.466121Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Bagisto vulnerable to Insecure Direct Object Reference (IDOR)

Details

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter.

Database specific

{
    "nvd_published_at": "2024-03-13T21:15:53Z",
    "github_reviewed_at": "2024-03-15T21:03:01Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Packagist / bagisto/bagisto

Package

Name: bagisto/bagisto
Purl: pkg:composer/bagisto/bagisto

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4-BETA1

v0.1.4-BETA2

v0.1.4-BETA3

v0.1.4-BETA4

v0.1.4

v0.1.5

v0.1.6-ALPHA1

v0.1.6

v0.1.7-BETA1

v0.1.7-BETA2

v0.1.7

v0.1.8

v0.1.9-BETA1

v0.1.9

v0.2.0

v0.2.1

v0.2.2

v1.*

v1.0.0-BETA1

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.2.0-BETA1

v1.2.0

v1.3.0

v1.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-pmc7-hmmw-g96q/GHSA-pmc7-hmmw-g96q.json"