Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
References:GSA_kwCzR0hTQS0zY2ZnLXcyNTctY2dmOM4ABEV-
Magento Information Exposure vulnerability
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
packagist:magento/project-community-edition | <= 2.0.2 | No known fixed version | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2 |
|||
packagist:magento/community-edition | = 2.4.8-beta1, = 2.4.4, = 2.4.5, = 2.4.6, = 2.4.7, < 2.4.4-p12, >= 2.4.5-p1, < 2.4.5-p11, >= 2.4.6-p1, < 2.4.6-p9, >= 2.4.7-beta1, < 2.4.7-p4 | , , , , , 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4 | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.4-p1, 2.4.4-p10, 2.4.4-p11, 2.4.5, 2.4.5-p1, 2.4.5-p10, 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p3, 2.4.6-p4, 2.4.6-p5, 2.4.6-p6, 2.4.6-p7, 2.4.6-p8, 2.4.6-p10, 2.4.6-p11, 2.4.7, 2.4.7-beta1, 2.4.7-beta2, 2.4.7-beta3, 2.4.7-p1, 2.4.7-p2, 2.4.7-p3, 2.4.8-beta1 All unaffected versions2.4.8 |