Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.
References:GSA_kwCzR0hTQS01amZnLXBoeDctN2Z4Z84AAz4n
Magento Open Source affected by Improper Input Validation
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
| packagist:magento/project-community-edition | <= 2.0.2 | No known fixed version | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2 |
|||
| packagist:magento/community-edition | = 2.4.5, = 2.4.4, >= 2.4.4-p1, < 2.4.4-p4, >= 2.4.5-p1, < 2.4.5-p3, = 2.4.6 | , , 2.4.5-p4, 2.4.5-p3, | |
Affected Version RangesAll affected versions2.4.4, 2.4.4-p1, 2.4.4-p2, 2.4.4-p3, 2.4.4-p10, 2.4.4-p11, 2.4.4-p12, 2.4.4-p13, 2.4.5, 2.4.5-p1, 2.4.5-p2, 2.4.5-p10, 2.4.5-p11, 2.4.5-p12, 2.4.5-p13, 2.4.5-p14, 2.4.6 All unaffected versions2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.7, 2.4.8 |
|||