PT-2023-12036 · Unknown · Magento LTS

Xenx · Published 2023-01-26 · Updated 2023-02-07

CVE-2021-21395

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Magento LTS versions prior to 19.4.22
Magento LTS versions prior to 20.0.19

Description
The password reset form in Magento LTS is vulnerable to Cross-Site Request Forgery (CSRF) between the time the reset password link is clicked and the user submits a new password.

Recommendations
For versions prior to 19.4.22, update to version 19.4.22 to resolve the issue. For versions prior to 20.0.19, update to version 20.0.19 to resolve the issue.
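The following toy model, added here as an illustration and not taken from OpenMage or the advisory, shows the window the description refers to: once the reset link has been clicked, a submit that relies only on session state is accepted, whereas requiring the reset token and a session-bound form key on the POST rejects a request that does not originate from the reset page. Class and function names, the session ids and the user name are constructed.

```python
import hmac
import secrets

class ResetFlow:
    """Toy password-reset flow (constructed example, not OpenMage code).
    strict=False: after the link is clicked, reset state lives only in the
    session, so any POST from that browser in the window sets the password.
    strict=True: the POST must also carry the reset token and a form key."""

    def __init__(self, strict):
        self.strict = strict
        self.reset_tokens = {}   # reset token -> user it was issued for
        self.sessions = {}       # session id -> per-session state
        self.passwords = {}      # user -> current password (demo only)

    def request_reset(self, user):
        token = secrets.token_urlsafe(16)
        self.reset_tokens[token] = user
        return token

    def click_link(self, session_id, token):
        # GET on the emailed link: validate the token and open the reset window.
        user = self.reset_tokens.get(token)
        if user is None:
            return False
        sess = self.sessions.setdefault(session_id, {})
        sess["reset_user"] = user
        sess["form_key"] = secrets.token_urlsafe(16)  # anti-CSRF form key
        return True

    def submit(self, session_id, new_password, token=None, form_key=None):
        # POST of the new password; returns True if the change is applied.
        sess = self.sessions.get(session_id)
        if not sess or "reset_user" not in sess:
            return False
        if self.strict:
            # A cross-site POST carries the cookie but not the link token or form key.
            if self.reset_tokens.get(token) != sess["reset_user"]:
                return False
            if form_key is None or not hmac.compare_digest(form_key, sess["form_key"]):
                return False
        user = sess.pop("reset_user")
        self.passwords[user] = new_password
        self.reset_tokens = {t: u for t, u in self.reset_tokens.items() if u != user}
        return True

def forged_post_accepted(strict):
    # Does a POST carrying neither token nor form key succeed mid-window?
    flow = ResetFlow(strict)
    flow.click_link("victim-session", flow.request_reset("alice"))
    return flow.submit("victim-session", "chosen-elsewhere")
```

`forged_post_accepted(False)` returns True and `forged_post_accepted(True)` returns False, which is the behavioural difference the fixed versions introduce.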


Related Identifiers

CVE-2021-21395
GHSA-R3C9-9J5Q-PWV4

Affected Products

Magento LTS