Magento Open Source Improper Authorization vulnerability

🗓️ 10 Oct 2024 12:31:13Reported by GitHub Advisory DatabaseType

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction

Reporter	Title	Published	Views	Family All 16
Tenable Nessus	Adobe Commerce/Magento Open Source Multiple Vulnerabilities (APSB24-73)	23 Jul 202500:00	–	nessus
Tenable Nessus	Adobe Commerce B2B Multiple Vulnerabilities (APSB24-73)	23 Jul 202500:00	–	nessus
Circl	CVE-2024-45131	10 Oct 202413:24	–	circl
CNNVD	Adobe Commerce 授权问题漏洞	10 Oct 202400:00	–	cnnvd
CNVD	Adobe Commerce Improper Authorization Vulnerability (CNVD-2024-41467)	13 Oct 202400:00	–	cnvd
CVE	CVE-2024-45131	10 Oct 202409:57	–	cve
Cvelist	CVE-2024-45131 Adobe Commerce \| Incorrect Authorization (CWE-863)	10 Oct 202409:57	–	cvelist
EUVD	EUVD-2024-3165	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Adobe Commerce and Magento	9 Oct 202413:38	–	ncsc
NVD	CVE-2024-45131	10 Oct 202410:15	–	nvd

Vulners

Node

magento community-editioncomposer

magento community-editionRange<2.4.4-p11composer

magento community-editionRange2.4.5-p1–2.4.5-p10composer

magento community-editionRange2.4.6-p1–2.4.6-p8composer

magento community-editionRange2.4.7-beta1–2.4.7-p3composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-45131
helpx	www.helpx.adobe.com/security/products/magento/apsb24-73.html
github	www.github.com/advisories/GHSA-xc5p-773w-m3pm

14 Oct 2024 20:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.4

EPSS0.00132

SSVC