Posted by Nicolas Malin (Jira) on Jun 18, 2020; 1:19pm
URL: http://ofbiz.116.s1.nabble.com/jira-Created-OFBIZ-11836-IDOR-vulnerability-in-the-order-processing-feature-tp4753950.html

Jacques Le Roux created OFBIZ-11836:
---------------------------------------

             Summary: IDOR vulnerability in the order processing feature
                 Key: OFBIZ-11836
                 URL: https://issues.apache.org/jira/browse/OFBIZ-11836
             Project: OFBiz
          Issue Type: Sub-task
          Components: ecommerce, order
    Affects Versions: Trunk
            Reporter: Jacques Le Roux


Harshit Shukla <[hidden email]> reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.

I'll later quote here his email message when the vulnerability will be fixed. It's a post-auth vulnerability so we did not ask for a CVE.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)