CVE-2019-8124 magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.19 || >=2.2.0 <2.2.10 || >=2.3.0 <2.3.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00196 (percentile: 0.41823)

Details

Magento 2 Community Edition Insufficient Logging

An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.

Metadata

Created: 2022-05-24T17:00:25Z
Modified: 2023-09-26T19:09:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x5q5-6wvf-2fpq/GHSA-x5q5-6wvf-2fpq.json
CWE IDs: ["CWE-345"]
Alternative ID: GHSA-x5q5-6wvf-2fpq
Finding: F204
Auto approve: 1