CVE-2021-21026 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6-p1 || >=2.4.0 <2.4.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00729 pctl0.71807

Details

Magento improper authorization vulnerability in the integrations module Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Metadata

Created: 2022-05-24T17:41:56Z
Modified: 2025-02-10T20:52:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-crjc-2v9m-8w7r/GHSA-crjc-2v9m-8w7r.json
CWE IDs: ["CWE-285"]
Alternative ID: GHSA-crjc-2v9m-8w7r
Finding: F039
Auto approve: 1