GHSA-7472-vw39-g2j3

Suggest an improvement
Source
https://github.com/advisories/GHSA-7472-vw39-g2j3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-7472-vw39-g2j3/GHSA-7472-vw39-g2j3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7472-vw39-g2j3
Aliases
Published
2024-08-14T12:35:02Z
Modified
2024-09-16T20:29:23.272915Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Magento Open Source Improper Authorization vulnerability
Details

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

Database specific 
{
    "nvd_published_at": "2024-08-14T12:15:27Z",
    "github_reviewed_at": "2024-09-16T20:10:08Z",
    "cwe_ids": [
        "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

Packagist

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.7-p1
Fixed
2.4.7-p2

Affected versions

2.*

2.4.7-p1

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.6-p1
Fixed
2.4.6-p7

Affected versions

2.*

2.4.6-p1
2.4.6-p2
2.4.6-p3
2.4.6-p4
2.4.6-p5
2.4.6-p6

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.5-p1
Fixed
2.4.5-p9

Affected versions

2.*

2.4.5-p1
2.4.5-p2
2.4.5-p3
2.4.5-p4
2.4.5-p5
2.4.5-p6
2.4.5-p7
2.4.5-p8

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.4-p10

Affected versions

0.*

0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.42.0-beta1
0.42.0-beta2
0.42.0-beta3
0.42.0-beta4
0.42.0-beta5
0.42.0-beta6
0.42.0-beta7
0.42.0-beta8
0.42.0-beta9
0.42.0-beta10
0.42.0-beta11
0.74.0-beta1
0.74.0-beta2
0.74.0-beta3
0.74.0-beta4
0.74.0-beta5
0.74.0-beta6
0.74.0-beta7
0.74.0-beta8
0.74.0-beta9
0.74.0-beta10
0.74.0-beta11
0.74.0-beta12
0.74.0-beta13
0.74.0-beta14
0.74.0-beta15
0.74.0-beta16

1.*

1.0.0-beta
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6

2.*

2.0.0-rc
2.0.0-rc2
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.3.0
2.3.1
2.3.2
2.3.2-p2
2.3.3
2.3.3-p1
2.3.4
2.3.4-p2
2.3.5
2.3.5-p1
2.3.5-p2
2.3.6
2.3.6-p1
2.3.7
2.3.7-p1
2.3.7-p2
2.3.7-p3
2.3.7-p4
2.4.0
2.4.0-p1
2.4.1
2.4.1-p1
2.4.2
2.4.2-p1
2.4.2-p2
2.4.3
2.4.3-p1
2.4.3-p2
2.4.3-p3
2.4.4
2.4.4-p1
2.4.4-p2
2.4.4-p3
2.4.4-p4
2.4.4-p5
2.4.4-p6
2.4.4-p7
2.4.4-p8
2.4.4-p9

magento/community-edition

Package

Name
magento/community-edition
Purl
pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4