CVE-2019-7855 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00238 pctl0.46755

Details

Magento 2 Community Cryptographic Flaw A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Metadata

Created: 2022-05-24T16:52:22Z
Modified: 2024-02-12T11:46:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2w26-gmqm-mc5p/GHSA-2w26-gmqm-mc5p.json
CWE IDs: ["CWE-338"]
Alternative ID: GHSA-2w26-gmqm-mc5p
Finding: F034
Auto approve: 1