Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Impact
An ajax function in module blockreassurance allows modifying any value in the configuration table
Patches
v5.1.4
Workarounds
no workaround available
References
Permalink: https://github.com/advisories/GHSA-xfm3-hjcc-gv78JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-xfm3-hjcc-gv78, CVE-2023-47110
References:
- https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
- https://github.com/PrestaShop/blockreassurance/commit/0a74bf1ebb907eef39e235a3a6dca0c28ed3ad23
- https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4
- https://nvd.nist.gov/vuln/detail/CVE-2023-47110
- https://github.com/advisories/GHSA-xfm3-hjcc-gv78
Blast Radius: 12.8
Affected Packages
packagist:prestashop/blockreassurance
Dependent packages: 2Dependent repositories: 260
Downloads: 3,113,073 total
Affected Version Ranges: <= 5.1.3
Fixed in: 5.1.4
All affected versions: 1.0.1, 1.0.5, 1.0.6, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 4.1.0, 4.1.1, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.1.3
All unaffected versions: 5.1.4, 6.0.0