Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04d203LWgycWgtZmY0Y84AAlKU
Magento authorization bypass vulnerability
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
Permalink: https://github.com/advisories/GHSA-8wm7-h2qh-ff4cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04d203LWgycWgtZmY0Y84AAlKU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-8wm7-h2qh-ff4c, CVE-2020-9587
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-9587
- https://helpx.adobe.com/security/products/magento/apsb20-22.html
- https://github.com/advisories/GHSA-8wm7-h2qh-ff4c
Affected Packages
packagist:magento/core
Affected Version Ranges: < 1.9.4.5Fixed in: 1.9.4.5
packagist:magento/community-edition
Dependent packages: 13Dependent repositories: 12
Downloads: 48,381 total
Affected Version Ranges: >= 2.3.0, < 2.3.4-p2, <= 2.2.11
Fixed in: 2.3.4-p2,
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3
All unaffected versions: 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7