GHSA-qpp7-742q-58j3

Source

https://github.com/advisories/GHSA-qpp7-742q-58j3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-qpp7-742q-58j3/GHSA-qpp7-742q-58j3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qpp7-742q-58j3

Aliases

Published

2024-10-10T12:31:12Z

Modified

2024-10-14T20:23:47.151728Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Magento Open Source Improper Authorization vulnerability

Details

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

Database specific

{
    "nvd_published_at": "2024-10-10T10:15:06Z",
    "cwe_ids": [
        "CWE-285",
        "CWE-863"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-11T18:27:17Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.7-beta1

Fixed

2.4.7-p3

Affected versions

2.*

2.4.7-beta1

2.4.7-beta2

2.4.7-beta3

2.4.7

2.4.7-p1

2.4.7-p2

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.6-p1

Fixed

2.4.6-p8

Affected versions

2.*

2.4.6-p1

2.4.6-p2

2.4.6-p3

2.4.6-p4

2.4.6-p5

2.4.6-p6

2.4.6-p7

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.5-p1

Fixed

2.4.5-p10

Affected versions

2.*

2.4.5-p1

2.4.5-p2

2.4.5-p3

2.4.5-p4

2.4.5-p5

2.4.5-p6

2.4.5-p7

2.4.5-p8

2.4.5-p9

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4-p11

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.0-beta6

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.3.0

2.3.1

2.3.2

2.3.2-p2

2.3.3

2.3.3-p1

2.3.4

2.3.4-p2

2.3.5

2.3.5-p1

2.3.5-p2

2.3.6

2.3.6-p1

2.3.7

2.3.7-p1

2.3.7-p2

2.3.7-p3

2.3.7-p4

2.4.0

2.4.0-p1

2.4.1

2.4.1-p1

2.4.2

2.4.2-p1

2.4.2-p2

2.4.3

2.4.3-p1

2.4.3-p2

2.4.3-p3

2.4.4

2.4.4-p1

2.4.4-p2

2.4.4-p3

2.4.4-p4

2.4.4-p5

2.4.4-p6

2.4.4-p7

2.4.4-p8

2.4.4-p9

2.4.4-p10

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4