Lucene search
GoogleOSV:GHSA-2FHR-F6Q6-C4P2HistoryMay 24, 2022 - 4:52 p.m.
Magento 2 Community Edition Access Control Bypass
2022-05-2416:52:29
Google
osv.dev
6
0.001 Low
EPSS
Percentile
49.7%
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information.
References
github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7950.yaml
github.com/magento/magento2
magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
nvd.nist.gov/vuln/detail/CVE-2019-7950
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Related
prion
prion
Improper access control
2019-08-02 22:15:00
cve
cve
CVE-2019-7950
2019-08-02 22:15:19
friendsofphp
friendsofphp
PRODSECBUG-2429: Insecure object reference via customer REST API
2019-06-25 00:00:00
veracode
veracode
Authorization Bypass
2019-08-13 06:29:50
cvelist
cvelist
CVE-2019-7950
2019-08-02 21:35:49
osv
osv
CVE-2019-7950
2019-08-02 22:15:19
nvd
nvd
CVE-2019-7950
2019-08-02 22:15:19
github
github
Magento 2 Community Edition Access Control Bypass
2022-05-24 16:52:29
openvas
openvas