An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB

Severity: High; CVSS: 7.1; EPSS: 0.00156% (0.37048 Percentile)

Magento Open Source Improper Authorization vulnerability

Affected Package: packagist:magento/community-edition
Affected Versions: = 2.4.4, = 2.4.5, = 2.4.6, = 2.4.7, < 2.4.4-p11, >= 2.4.5-p1, < 2.4.5-p10, >= 2.4.6-p1, < 2.4.6-p8, >= 2.4.7-beta1, < 2.4.7-p3
Fixed Versions: 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, 2.4.7-p3
13 Dependent packages
12 Dependent repositories
50,743 Downloads total

Affected Version Ranges

All affected versions

0.1.0-alpha89, 0.1.0-alpha90, 0.1.0-alpha91, 0.1.0-alpha92, 0.1.0-alpha93, 0.1.0-alpha94, 0.1.0-alpha95, 0.1.0-alpha96, 0.1.0-alpha97, 0.1.0-alpha98, 0.1.0-alpha99, 0.1.0-alpha100, 0.1.0-alpha101, 0.1.0-alpha102, 0.1.0-alpha103, 0.1.0-alpha104, 0.1.0-alpha105, 0.1.0-alpha106, 0.1.0-alpha107, 0.1.0-alpha108, 0.42.0-beta1, 0.42.0-beta2, 0.42.0-beta3, 0.42.0-beta4, 0.42.0-beta5, 0.42.0-beta6, 0.42.0-beta7, 0.42.0-beta8, 0.42.0-beta9, 0.42.0-beta10, 0.42.0-beta11, 0.74.0-beta1, 0.74.0-beta2, 0.74.0-beta3, 0.74.0-beta4, 0.74.0-beta5, 0.74.0-beta6, 0.74.0-beta7, 0.74.0-beta8, 0.74.0-beta9, 0.74.0-beta10, 0.74.0-beta11, 0.74.0-beta12, 0.74.0-beta13, 0.74.0-beta14, 0.74.0-beta15, 0.74.0-beta16, 1.0.0-beta, 1.0.0-beta2, 1.0.0-beta3, 1.0.0-beta4, 1.0.0-beta5, 1.0.0-beta6, 2.0.0, 2.0.0-rc, 2.0.0-rc2, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.0-rc1, 2.1.0-rc2, 2.1.0-rc3, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.2-p2, 2.3.3, 2.3.3-p1, 2.3.4, 2.3.4-p2, 2.3.5, 2.3.5-p1, 2.3.5-p2, 2.3.6, 2.3.6-p1, 2.3.7, 2.3.7-p1, 2.3.7-p2, 2.3.7-p3, 2.3.7-p4, 2.4.0, 2.4.0-p1, 2.4.1, 2.4.1-p1, 2.4.2, 2.4.2-p1, 2.4.2-p2, 2.4.3, 2.4.3-p1, 2.4.3-p2, 2.4.3-p3, 2.4.4, 2.4.4-p1, 2.4.4-p2, 2.4.4-p3, 2.4.4-p4, 2.4.4-p5, 2.4.4-p6, 2.4.4-p7, 2.4.4-p8, 2.4.4-p9, 2.4.4-p10, 2.4.4-p11, 2.4.4-p12, 2.4.4-p13, 2.4.5, 2.4.5-p1, 2.4.5-p2, 2.4.5-p3, 2.4.5-p4, 2.4.5-p5, 2.4.5-p6, 2.4.5-p7, 2.4.5-p8, 2.4.5-p9, 2.4.5-p10, 2.4.5-p11, 2.4.5-p12, 2.4.5-p13, 2.4.5-p14, 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p3, 2.4.6-p4, 2.4.6-p5, 2.4.6-p6, 2.4.6-p7, 2.4.6-p8, 2.4.6-p9, 2.4.6-p10, 2.4.6-p11, 2.4.6-p12, 2.4.6-p13, 2.4.7, 2.4.7-beta1, 2.4.7-beta2, 2.4.7-beta3, 2.4.7-p1, 2.4.7-p2, 2.4.7-p3, 2.4.7-p4, 2.4.7-p5, 2.4.7-p6, 
2.4.7-p7, 2.4.7-p8

All unaffected versions

2.4.8

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.
