Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Related CVEs

CVE-2023-38335

Key Information

GHSA ID

GHSA-4x48-qpw5-qpgr

Published

July 20, 2023 6:33 PM

Last Modified

April 4, 2024 6:17 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.