Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ocHh2LXZwZnYtN2pjOc4AAhkO

Magento 2 Community Edition IDOR Vulnerability

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Permalink: https://github.com/advisories/GHSA-hpxv-vpfv-7jc9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocHh2LXZwZnYtN2pjOc4AAhkO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 9 days ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-hpxv-vpfv-7jc9, CVE-2019-7854
References:

Affected Packages

packagist:magento/community-edition
Versions: >= 2.3.0, < 2.3.2, >= 2.2.0, < 2.2.9, >= 2.1.0, < 2.1.18
Fixed in: 2.3.2, 2.2.9, 2.1.18