GHSA-r7mm-grf3-5fjv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r7mm-grf3-5fjv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-r7mm-grf3-5fjv/GHSA-r7mm-grf3-5fjv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r7mm-grf3-5fjv
- Aliases
- Published
- 2022-08-17T00:00:19Z
- Modified
- 2024-02-16T08:17:35.767735Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Magento Improper Authorization vulnerability
- Details
-
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
- Database specific
{ "nvd_published_at": "2022-08-16T21:15:00Z", "cwe_ids": [ "CWE-285", "CWE-863" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-11T19:35:36Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-34256
- https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
- https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
- https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
- https://github.com/magento/magento2
- https://helpx.adobe.com/security/products/magento/apsb22-38.html
Affected packages
Packagist / magento/community-edition
Package
- Name
- magento/community-edition
- Purl
- pkg:composer/magento/community-edition
Packagist / magento/community-edition
Package
- Name
- magento/community-edition
- Purl
- pkg:composer/magento/community-edition
Packagist / magento/community-edition
Package
- Name
- magento/community-edition
- Purl
- pkg:composer/magento/community-edition