CVE-2020-7964

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7964
Aliases
Published
2020-01-24T20:15:11Z
Modified
2024-06-06T13:20:05.134513Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).

References

Affected packages

Git / github.com/mirumee/saleor

Affected ranges

Type
GIT
Repo
https://github.com/mirumee/saleor
Events
Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0

v2016.*

v2016.07.0

v2017.*

v2017.02.0
v2017.02.1
v2017.03.0
v2017.03.1
v2017.03.2
v2017.03.3
v2017.03.4
v2017.07.0
v2017.09
v2017.10
v2017.11
v2017.12
v2017.12.1

v2018.*

v2018.01
v2018.02
v2018.03
v2018.04
v2018.05
v2018.06
v2018.08
v2018.09