Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03aDh2LWYyZzktMzlmeM4AAhki

Magento 2 Community Edition Cryptographic Flaw

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

Permalink: https://github.com/advisories/GHSA-7h8v-f2g9-39fx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03aDh2LWYyZzktMzlmeM4AAhki
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 17 days ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-7h8v-f2g9-39fx, CVE-2019-7858
Affected Packages

packagist:magento/community-edition
Versions: >= 2.3.0, < 2.3.2; >= 2.2.0, < 2.2.9; >= 2.1.0, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18