GitHub Advisory DatabaseGHSA-X5Q5-6WVF-2FPQMagento 2 Community Edition Insufficient Logging
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
27.3%
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/community-edition | lt | 2.3.3 | |
| magento/community-edition | lt | 2.2.10 | |
| magento/community-edition | lt | 2.1.19 |
References
github.com/advisories/GHSA-x5q5-6wvf-2fpq
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8124.yaml
magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
nvd.nist.gov/vuln/detail/CVE-2019-8124
web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
27.3%