CVE-2019-7890 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1 <2.1.18 || >=2.2 <2.2.9 || >=2.3 <2.3.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00086 (percentile: 0.25774)
Details
Magento 2 Community Edition IDOR Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Metadata
Created: 2022-05-24T16:52:26Z
Modified: 2024-02-12T11:32:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3pgc-7jf3-5x5g/GHSA-3pgc-7jf3-5x5g.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-3pgc-7jf3-5x5g
Finding: F039
Auto approve: 1