Lucene search

Veracode Vulnerability DatabaseVERACODE:44220

HistoryNov 10, 2023 - 6:39 a.m.

Improper Access Control

2023-11-1006:39:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

prestashop

blockreassurance

access control

vulnerability

configuration

ajax

attacker

sensitive information

system

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Prestashop/blockreassurance is vulnerable to Improper Access Control. This vulnerability exists due to the lack of configuration key checks in the ajax function of the blockreassurance module , allowing an attacker to modify sensitive information in the system.

CPENameOperatorVersion
prestashop/blockreassurancelev5.1.3
prestashop/blockreassurancelev5.1.3

CPE	Name	Operator	Version
	prestashop/blockreassurance	le	v5.1.3
	prestashop/blockreassurance	le	v5.1.3

References

github.com/PrestaShop/blockreassurance/commit/0a74bf1ebb907eef39e235a3a6dca0c28ed3ad23

github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78