GSA_kwCzR0hTQS0yd203LW1tZ2MtcXhyM84AAyWc

Moderate CVSS: 5.3 EPSS: 0.00222% (0.44881 Percentile) EPSS:

Permalink JSON

Magento Open Source allows Incorrect Authorization

Affected Packages	Affected Versions	Fixed Versions
packagist:magento/project-community-edition	<= 2.0.2	No known fixed version
9 Dependent packages 11 Dependent repositories 4,251 Downloads total Affected Version Ranges All affected versions 2.0.0, 2.0.1, 2.0.2
packagist:magento/community-edition	= 2.4.4, = 2.4.5, = 2.4.5-p1, >= 2.4.4-p1, < 2.4.4-p3	, , 2.4.5-p2, 2.4.4-p3
13 Dependent packages 12 Dependent repositories 49,793 Downloads total Affected Version Ranges All affected versions 2.4.4, 2.4.4-p1, 2.4.4-p2, 2.4.4-p10, 2.4.4-p11, 2.4.4-p12, 2.4.4-p13, 2.4.5, 2.4.5-p1 All unaffected versions 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.6, 2.4.7, 2.4.8

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

References:

Identifiers

GHSA-2wm7-mmgc-qxr3

CVE-2023-22251

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00222

EPSS Percentile: 0.44881

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 2 years ago

Updated

5 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories