CVE-2023-32062 Information

Description

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

Reference

https://github.com/oroinc/crm/security/advisories/GHSA-x2xm-p6vq-482g https://github.com/oroinc/OroCalendarBundle/commit/460a8ffb63b10c76f2fa26d53512164851c4909b https://github.com/oroinc/OroCalendarBundle/commit/5f4734aa02088191c1c1d90ac0909f48610fe531