Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value in the configuration table can be changed by an employee with access to the blockreassurance module
Impact
An AJAX function in the blockreassurance module allows modifying any value in the configuration table.
Patches
v5.1.4
Workarounds
No workaround available.
References
Permalink: https://github.com/advisories/GHSA-xfm3-hjcc-gv78
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 19 days ago
Updated: 13 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-xfm3-hjcc-gv78, CVE-2023-47110
References:
- https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
- https://github.com/PrestaShop/blockreassurance/commit/0a74bf1ebb907eef39e235a3a6dca0c28ed3ad23
- https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4
- https://nvd.nist.gov/vuln/detail/CVE-2023-47110
- https://github.com/advisories/GHSA-xfm3-hjcc-gv78
Affected Packages
packagist:prestashop/blockreassurance
Versions: <= 5.1.3
Fixed in: 5.1.4