Vulnerability Bulletins

MSA-23-0026: IDOR in message processor fragments allows fetching of other users data

System information

Affected software PHP


by Michael Hawkins. Insufficient capability checks made it possible to fetch other users message processor preferences data.Severity/Risk:MinorVersions affected:4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versionsVersions fixed:4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23Reported by:Paul HoldenCVE identifier:CVE-2023-40322Changes (master):

More info:

Standar resources

Property Value
CVE CVE-2023-40322.

Version history

Version Comments Date
1.0 Advisory issued 2023-08-22
Ministerio de Defensa