CVE-2019-8118 magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.19 || >=2.2.0 <2.2.10 || >=2.3.0 <2.3.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00047 (percentile: 0.13897)

Details

Magento 2 Community Edition Weak Cryptography

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.

Metadata

Created: 2022-05-24T17:00:25Z
Modified: 2023-09-26T18:55:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hmch-9947-82rj/GHSA-hmch-9947-82rj.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-hmch-9947-82rj
Finding: F020
Auto approve: 1