VERACODE:43262

Use Of Insufficiently Random Values

2023-09-13 05:47:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: magento lts, insufficiently random values, guest order cookie

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low (percentile 25.8%)

Magento LTS is vulnerable to Use of Insufficiently Random Values. The vulnerability is caused by not generating a protect_code value of sufficient length as part of the guest order cookie (guest-view), and by not implementing rate limiting on the endpoint (e.g. /magento19/index.php/default/sales/guest/view/) that is used to access sensitive guest order data with this cookie. Because the protect_code is a 6-digit hexadecimal value, an attacker can brute-force it very easily, which can result in disclosure of sensitive information such as the billing address, shipping address, payment details and the ordered items.
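As an added illustration (not Magento's code, and not from the advisory), the following shows why a 6-hex-digit code is weak (its keyspace and entropy), alongside a CSPRNG-backed longer code, a constant-time comparison, and a per-client rate limiter of the kind the guest-view endpoint lacked. The 32-digit target length, the class and function names, and the client key are assumptions for the example.

```python
import hmac
import secrets
from collections import defaultdict, deque

HEX_DIGITS_WEAK = 6     # length described for the guest-order protect_code
HEX_DIGITS_STRONG = 32  # assumed hardened length: 128 bits of entropy


def keyspace_size(hex_digits: int) -> int:
    """Number of distinct values a hex string of this length can take (16**n)."""
    return 16 ** hex_digits


def entropy_bits(hex_digits: int) -> int:
    """Each hex digit carries 4 bits when drawn from a CSPRNG."""
    return 4 * hex_digits


def expected_guesses(hex_digits: int) -> int:
    """An exhaustive search succeeds on average after half the keyspace."""
    return keyspace_size(hex_digits) // 2


def generate_protect_code(hex_digits: int = HEX_DIGITS_STRONG) -> str:
    """CSPRNG-backed code; secrets.token_hex(n) yields 2*n hex digits (use an even length)."""
    return secrets.token_hex(hex_digits // 2)


def protect_code_matches(stored: str, supplied: str) -> bool:
    """Constant-time comparison so response timing does not leak partial matches."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


class GuestViewRateLimiter:
    """Sliding-window limiter keyed per client (e.g. source IP or order id):
    at most max_attempts lookups per window_seconds. Constructed for this example."""

    def __init__(self, max_attempts: int, window_seconds: float) -> None:
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._attempts = defaultdict(deque)

    def allow(self, client_key: str, now: float) -> bool:
        q = self._attempts[client_key]
        while q and now - q[0] >= self.window:
            q.popleft()                  # drop attempts that fell out of the window
        if len(q) >= self.max_attempts:
            return False                 # budget exhausted: reject before the lookup
        q.append(now)
        return True
```

With these numbers the weak code has only 16,777,216 possible values, so without a limiter an unauthenticated client needs on average about 8.4 million requests to hit one order's code; the limiter bounds that per client and window, and the longer code makes the search infeasible outright.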

