GHSA-3pgc-7jf3-5x5g

Source

https://github.com/advisories/GHSA-3pgc-7jf3-5x5g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3pgc-7jf3-5x5g/GHSA-3pgc-7jf3-5x5g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3pgc-7jf3-5x5g

Aliases

CVE-2019-7890

Published

2022-05-24T16:52:26Z

Modified

2024-02-16T08:19:54.809630Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Magento 2 Community Edition IDOR Vulnerability

Details

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.

Database specific

{
    "nvd_published_at": "2019-08-02T22:15:00Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T20:40:16Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

2.1.18

Affected versions

2.*

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.9

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3

Fixed

2.3.2

Affected versions

2.*

2.3.0

2.3.1