BIT-magento-2024-34103

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/magento/BIT-magento-2024-34103.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-magento-2024-34103

Aliases

Published

2024-06-17T07:26:14.237Z

Modified

2024-08-07T17:57:02.995377Z

Summary

[none]

Details

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.

Database specific

{
    "cpes": [
        "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
        "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
        "cpe:2.3:a:magento:magento:*:*:*:*:open_source:php:*:*"
    ],
    "severity": "High"
}

References

https://helpx.adobe.com/security/products/magento/apsb24-40.html

Affected packages

Bitnami / magento

Package

Name: magento
Purl: pkg:bitnami/magento

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.4.7-alpha0

Fixed

2.4.7-p1

Introduced

2.4.6-alpha0

Fixed

2.4.6-p6

Introduced

2.4.5-alpha0

Fixed

2.4.5-p8

Introduced

2.4.4-alpha0

Fixed

2.4.4-p9