CVE-2023-41879
CVE-2023-41879 affects Magento OpenMage LTS (Magento LTS) where a guest-order retrieval cookie, guest-view, contains a 6-hex-protect_code. The short entropy (24 bits) enables brute-forcing to view guest orders without authentication, exposing billing/shipping data and order items. Multiple source...