| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| oro/crm-call-bundle | composer | >= 4.2.0, <= 4.2.5 | |
| oro/crm-call-bundle | composer | >= 5.0.0, < 5.0.4 | 5.0.4 |
| oro/crm-call-bundle | composer | >= 5.1.0, < 5.1.1 | 5.1.1 |
The vulnerability stems from missing access control enforcement in the call view endpoint: in the affected versions, the viewAction of the call controller carried no @AclAncestor annotation, so Oro's ACL layer never checked whether the current user was permitted to view the requested call record. The patch adds the @AclAncestor annotation to viewAction. In Oro, this annotation ties an action to an ACL entry declared elsewhere with @Acl, so the security bundle enforces the corresponding permission on every request to that action. The commit diff shows the annotation being added for exactly this purpose, confirming that the unpatched viewAction was reachable without an access check.
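The practical question this advisory raises is how to catch the same omission elsewhere: a controller action that has a route but no ACL guard. The following is an added example, not code from the advisory or from OroCRM. It is a small audit script that finds public *Action methods whose docblock or attributes carry neither @Acl nor @AclAncestor, run over constructed controller sources shaped like the unpatched and patched viewAction. The controller bodies, route names and ACL ids (acme_call_view, AcmeCallBundle:Call) are constructed sample input, and the PHP 8 attribute variant is included as a generalization beyond the annotation form the advisory describes.

```python
"""Audit Symfony/Oro controller source for public *Action methods without an ACL guard.

Added example for this advisory; not code from the advisory or from OroCRM.
It assumes Oro's guard style: an @Acl(...) or @AclAncestor(...) annotation in
the method docblock, or the PHP 8 attribute forms #[Acl(...)] / #[AclAncestor(...)].
The controller sources, ACL ids and route names below are constructed sample input.
"""
import re

# One public *Action method with whatever precedes it: an optional docblock
# (tempered so it cannot span from an earlier docblock across other code) and
# zero or more PHP 8 attribute lines. Groups: 1 docblock, 2 attributes, 3 name.
ACTION_RE = re.compile(
    r"(?:(/\*\*(?:(?!\*/).)*\*/)\s*)?"      # optional docblock, no nested */
    r"((?:#\[[^\]]*\]\s*)*)"                # optional PHP 8 attributes
    r"public\s+function\s+(\w+Action)\s*\(",
    re.DOTALL,
)

# Either annotation form (@Acl, @AclAncestor) or attribute form (#[Acl, #[AclAncestor).
ACL_MARK_RE = re.compile(r"(?:@|#\[\s*)Acl(?:Ancestor)?\b")


def find_unguarded_actions(php_source: str) -> list[str]:
    """Return the names of public *Action methods that carry no ACL annotation or attribute.

    This is a lexical heuristic, not a PHP parser: an action protected some other
    way (a parent class, a voter, a firewall rule) is reported and needs review.
    """
    unguarded = []
    for match in ACTION_RE.finditer(php_source):
        docblock, attributes, name = match.group(1) or "", match.group(2), match.group(3)
        if not ACL_MARK_RE.search(docblock + attributes):
            unguarded.append(name)
    return unguarded


# Constructed sample shaped like the unpatched controller the advisory describes:
# indexAction declares the ACL entry, viewAction has a route but no @AclAncestor.
UNPATCHED_CONTROLLER = r'''<?php
namespace Acme\Bundle\CallBundle\Controller;

use Oro\Bundle\SecurityBundle\Annotation\Acl;
use Oro\Bundle\SecurityBundle\Annotation\AclAncestor;
use Symfony\Component\Routing\Annotation\Route;

class CallController
{
    /**
     * @Route("/", name="acme_call_index")
     * @Acl(id="acme_call_view", type="entity", class="AcmeCallBundle:Call", permission="VIEW")
     */
    public function indexAction()
    {
    }

    /**
     * @Route("/view/{id}", name="acme_call_view", requirements={"id"="\d+"})
     */
    public function viewAction(Call $entity)
    {
        return ['entity' => $entity];
    }

    /** Not public, so not an endpoint: the audit ignores it. */
    private function helperAction()
    {
    }
}
'''

# The fix the advisory describes: viewAction inherits the VIEW check through @AclAncestor.
PATCHED_CONTROLLER = UNPATCHED_CONTROLLER.replace(
    "     */\n    public function viewAction",
    '     * @AclAncestor("acme_call_view")\n     */\n    public function viewAction',
)

# Same idea in PHP 8 attribute syntax (an assumption about style, not the bundle's code).
ATTRIBUTE_CONTROLLER = r'''<?php
class CallController
{
    #[Route('/view/{id}', name: 'acme_call_view')]
    #[AclAncestor('acme_call_view')]
    public function viewAction(int $id): array { return []; }

    #[Route('/delete/{id}', name: 'acme_call_delete')]
    public function deleteAction(int $id): array { return []; }
}
'''


def audit_report() -> dict[str, list[str]]:
    """Run the audit over the three constructed sources."""
    return {
        "unpatched": find_unguarded_actions(UNPATCHED_CONTROLLER),
        "patched": find_unguarded_actions(PATCHED_CONTROLLER),
        "attributes": find_unguarded_actions(ATTRIBUTE_CONTROLLER),
    }


if __name__ == "__main__":
    for label, names in audit_report().items():
        print(f"{label}: {'no unguarded actions' if not names else 'UNGUARDED ' + ', '.join(names)}")
```

Run as-is it reports viewAction for the unpatched source, nothing for the patched one, and deleteAction for the attribute variant. Pointed at a real bundle's Controller directory it is a cheap CI lint: any reported action is either a finding like this one or a guard applied by other means, and both deserve a second look.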