CVE-2022-34256 magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.3.0 <2.3.7-p4 || >=2.4.4 <2.4.5 || >=2.4.0 <2.4.3-p3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00409 (percentile: 0.60449)

Details

Magento Improper Authorization vulnerability

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to access other users' data. Exploitation of this issue does not require user interaction.

Metadata

Created: 2022-08-17T00:00:19Z
Modified: 2024-01-11T19:35:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-r7mm-grf3-5fjv/GHSA-r7mm-grf3-5fjv.json
CWE IDs: ["CWE-285", "CWE-863"]
Alternative ID: GHSA-r7mm-grf3-5fjv
Finding: F039
Auto approve: 1