2 matches found
CVE-2019-8235
An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...
CVE-2019-8235
CVE-2019-8235 is an IDOR vulnerability affecting Magento 2.x—specifically versions prior to 2.3.1 (2.3.x), 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17. An authenticated user could view another user’s personally identifiable shipping details due to insufficient validation of user-controlled input....