Lucene search

GoogleOSV:GHSA-XFM3-HJCC-GV78

HistoryNov 09, 2023 - 4:02 p.m.

Any value can be changed in the configuration table by an employee having access to block reassurance module

2023-11-0916:02:38

Google

osv.dev

value modification

configuration table

block reassurance module

ajax function

software

patch v5.1.4

workaround

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Impact

An ajax function in module blockreassurance allows modifying any value in the configuration table

Patches

v5.1.4

Workarounds

no workaround available

References

CPENameOperatorVersion
prestashop/blockreassuranceeq2.0.3
prestashop/blockreassuranceeq1.0.1
prestashop/blockreassuranceeq3.0.1
prestashop/blockreassuranceeq4.1.1
prestashop/blockreassuranceeq3.0.0
prestashop/blockreassuranceeq5.1.1
prestashop/blockreassuranceeq5.1.2
prestashop/blockreassuranceeq2.0.1
prestashop/blockreassuranceeq5.1.3
prestashop/blockreassuranceeq1.0.5

Name	Operator	Version
prestashop/blockreassurance	eq	2.0.3
prestashop/blockreassurance	eq	1.0.1
prestashop/blockreassurance	eq	3.0.1
prestashop/blockreassurance	eq	4.1.1
prestashop/blockreassurance	eq	3.0.0
prestashop/blockreassurance	eq	5.1.1
prestashop/blockreassurance	eq	5.1.2
prestashop/blockreassurance	eq	2.0.1
prestashop/blockreassurance	eq	5.1.3
prestashop/blockreassurance	eq	1.0.5

Rows per page:

1-10 of 161