Lucene search
Veracode Vulnerability DatabaseVERACODE:48118HistoryJul 18, 2024 - 8:45 a.m.
Information Disclosure
2024-07-1808:45:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
sylius
software
vulnerability
endpoint
information disclosure
guest customer information
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
Low
sylius/sylius is vulnerable to Information Disclosure. The vulnerability is due to the /api/v2/shop/adjustments/{id} endpoint, which allows an attacker to enumerate valid adjustment IDs to retrieve order tokens and access sensitive guest customer information.
Related
osv
osv
Sylius has a security vulnerability via adjustments API endpoint
2024-07-17 14:32:18
vulnrichment
vulnrichment
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
2024-07-17 17:51:45
nvd
nvd
CVE-2024-40633
2024-07-17 18:15:04
cvelist
cvelist
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
2024-07-17 17:51:45
cve
cve
CVE-2024-40633
2024-07-17 18:15:04
github
github
Sylius has a security vulnerability via adjustments API endpoint
2024-07-17 14:32:18
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.9
Confidence
Low
Related for VERACODE:48118