CVE-2020-9587 magento/project-community-edition

Package

Manager: composer
Name: magento/project-community-edition
Vulnerable Version: >=0 <=2.0.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00551 (percentile: 0.67016)

Details

Magento authorization bypass vulnerability

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Metadata

Created: 2022-05-24T17:21:49Z
Modified: 2025-02-10T20:27:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8wm7-h2qh-ff4c/GHSA-8wm7-h2qh-ff4c.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-8wm7-h2qh-ff4c
Finding: F006
Auto approve: 1