We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions.
The attacker can view and freely perform actions to add, modify, or delete rules.
Update to version 3.4.1 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch
Apply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.
https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/
Impact
The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions.
The attacker can view and freely perform actions to add, modify, or delete rules.
Patches
Update to version 3.4.1 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch
Workarounds
Apply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.
References
https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/