Lucene search

[email protected]NVD:CVE-2023-26051

HistoryMar 02, 2023 - 7:15 p.m.

CVE-2023-26051

2023-03-0219:15:10

CWE-209

[email protected]

web.nvd.nist.gov

saleor

graphql

commerce

platform

unhandled

python

exceptions

sensitive

data

address

staff-authenticated

requests

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.1%

JSON

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

Affected configurations

Nvd

Node

saleorsaleorRange2.0.0–3.1.48

saleorsaleorRange3.2.0–3.7.59

saleorsaleorRange3.8.0–3.8.30

saleorsaleorRange3.9.0–3.9.27

saleorsaleorRange3.10.0–3.10.14

saleorsaleorRange3.11.0–3.11.12

References

github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1

github.com/saleor/saleor/releases/tag/3.1.48

github.com/saleor/saleor/releases/tag/3.10.14

github.com/saleor/saleor/releases/tag/3.11.12

github.com/saleor/saleor/releases/tag/3.7.59

github.com/saleor/saleor/releases/tag/3.8.30

github.com/saleor/saleor/releases/tag/3.9.27

github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

42.1%

JSON

Related for NVD:CVE-2023-26051

osv2 prion1 cvelist1 github1 cve1 veracode1