PT-2022-24863 · Saleor · Saleor
Nyankiyoshi
·
Published
2022-10-06
·
Updated
2023-01-23
·
CVE-2022-39275
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Saleor versions prior to 3.1.24
Saleor versions prior to 3.2.14
Saleor versions prior to 3.3.26
Saleor versions prior to 3.4.24
Saleor versions prior to 3.5.23
Saleor versions prior to 3.6.18
Saleor versions prior to 3.7.17
Description
The issue affects a headless, GraphQL commerce platform, where some GraphQL mutations did not properly check the ID type input. This allowed access to database objects that the authenticated user may not be allowed to access, potentially exposing information such as database row counts from tables with a sequential primary key or staff user and customer email addresses and full names through the
assignNavigation() mutation.Recommendations
For versions prior to 3.1.24, upgrade to version 3.1.24 or later.
For versions prior to 3.2.14, upgrade to version 3.2.14 or later.
For versions prior to 3.3.26, upgrade to version 3.3.26 or later.
For versions prior to 3.4.24, upgrade to version 3.4.24 or later.
For versions prior to 3.5.23, upgrade to version 3.5.23 or later.
For versions prior to 3.6.18, upgrade to version 3.6.18 or later.
For versions prior to 3.7.17, upgrade to version 3.7.17 or later.
Exploit
Fix
Incorrect Authorization
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Saleor