CVE-2019-7864 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0006 (percentile: 0.18936)
Details
Magento 2 Community Edition IDOR Vulnerability
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Metadata
Created: 2022-05-24T16:52:23Z
Modified: 2024-02-12T11:44:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c33v-23rx-7qqc/GHSA-c33v-23rx-7qqc.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-c33v-23rx-7qqc
Finding: F039
Auto approve: 1