Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-h2ur-dutp-gqba
Vulnerability ID VCID-h2ur-dutp-gqba
Aliases CVE-2023-45824
GHSA-vxq2-p937-3px3
Summary Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/oroinc/platform
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd
CVE-2023-45824 https://nvd.nist.gov/vuln/detail/CVE-2023-45824
GHSA-vxq2-p937-3px3 https://github.com/advisories/GHSA-vxq2-p937-3px3
GHSA-vxq2-p937-3px3 https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:47:26.474714+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-45824.yml 38.6.0