Vulnerability Bulletins

MSA-23-0026: IDOR in message processor fragments allows fetching of other users data

System information

Affected software PHP


por Michael Hawkins. Insufficient capability checks made it possible to fetch other users message processor preferences data.Severity/Risk:MinorVersions affected:4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versionsVersions fixed:4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23Reported by:Paul HoldenCVE identifier:CVE-2023-40322Changes (master):

More info:

Standar resources

Property Value
CVE CVE-2023-40322.

Version history

Version Comments Date
Ministerio de Defensa