Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privilege escalation.
GSA_kwCzR0hTQS1ycGM3LWdmNTgtdjN4Ms4AA2bj
Magento Open Source allows Incorrect Authorization
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
| packagist:magento/project-community-edition | <= 2.0.2 | No known fixed version | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2 |
|||
| packagist:magento/community-edition | >= 2.4.4-p1, < 2.4.4-p6, >= 2.4.5-p1, < 2.4.5-p5, >= 2.4.6-p1, < 2.4.6-p3, = 2.4.4, = 2.4.5, = 2.4.6, = 2.4.7-beta1 | 2.4.4-p6, 2.4.5-p5, 2.4.6-p3, , , , 2.4.7-beta2 | |
Affected Version RangesAll affected versions2.4.4, 2.4.4-p1, 2.4.4-p2, 2.4.4-p3, 2.4.4-p4, 2.4.4-p5, 2.4.4-p10, 2.4.4-p11, 2.4.4-p12, 2.4.4-p13, 2.4.5, 2.4.5-p1, 2.4.5-p2, 2.4.5-p3, 2.4.5-p4, 2.4.5-p10, 2.4.5-p11, 2.4.5-p12, 2.4.5-p13, 2.4.6, 2.4.6-p1, 2.4.6-p2, 2.4.6-p10, 2.4.6-p11, 2.4.7-beta1 All unaffected versions2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.7, 2.4.8 |
|||