PT-2022-37726 — Improper Authorization in Packagist Magento Community Edition+1

PT-2022-37726 · Packagist · Magento Community Edition+1

Published

2022-05-24

Updated

2022-05-24

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

Fix

Improper Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-863

Related Identifiers

GHSA-VRQ2-W7R7-3FP2

Affected Products

Magento Community Edition

Magento/Project-Community-Edition

PT-2022-37726 · Packagist · Magento Community Edition+1

Weakness Enumeration

Related Identifiers

Affected Products

References · 4