PT-2019-18949 · Adobe · Magento

Published: 2019-10-29 · Updated: 2020-08-24 · CVE-2019-8235

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Magento versions 2.1 prior to 2.1.17
Magento versions 2.2 prior to 2.2.8
Magento versions 2.3 prior to 2.3.1

Description

An insecure direct object reference (IDOR) issue exists, allowing an authenticated user to potentially view personally identifiable shipping details of another user due to insufficient validation of user-controlled input.

Recommendations

For Magento version 2.1, update to version 2.1.17 or later.
For Magento version 2.2, update to version 2.2.8 or later.
For Magento version 2.3, update to version 2.3.1 or later.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2019-8235

Affected Products

Magento