GitHub Advisory DatabaseGHSA-RF4Q-M23C-7Q8RMagento Open Source Cross-Site Request Forgery (CSRF) vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| magento | community-edition | 2.4.4 | cpe:2.3:a:magento:community-edition:2.4.4:*:*:*:*:*:*:* |
| magento | community-edition | * | cpe:2.3:a:magento:community-edition:*:*:*:*:*:*:*:* |
| magento | community-edition | 2.4.5 | cpe:2.3:a:magento:community-edition:2.4.5:*:*:*:*:*:*:* |
| magento | community-edition | 2.4.6 | cpe:2.3:a:magento:community-edition:2.4.6:*:*:*:*:*:*:* |
| magento | community-edition | 2.4.7 | cpe:2.3:a:magento:community-edition:2.4.7:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
Low