CVE-2019-7854 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00086 (percentile: 0.25786)
Details
Magento 2 Community Edition IDOR Vulnerability
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
Metadata
Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:46:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hpxv-vpfv-7jc9/GHSA-hpxv-vpfv-7jc9.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-hpxv-vpfv-7jc9
Finding: F274
Auto approve: 1