CVE-2019-7858 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00047 pctl0.14056

Details

Magento 2 Community Edition Cryptographic Flaw A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

Metadata

Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:46:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7h8v-f2g9-39fx/GHSA-7h8v-f2g9-39fx.json
CWE IDs: ["CWE-327"]
Alternative ID: GHSA-7h8v-f2g9-39fx
Finding: F052
Auto approve: 1