You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Learn more on MITRE.
Impact
The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions.
The attacker can view and freely perform actions to add, modify, or delete rules.
Patches
Update to version 3.4.1 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch
Workarounds
Apply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.
References
https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/