CVE-2023-29287

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-29287

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29287.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-29287

Aliases

GHSA-85m4-g9vq-xpxj

Published

2023-06-15T00:00:00Z

Modified

2026-05-13T04:23:22.800990035Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Adobe Commerce Information Exposure Security feature bypass

Details

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..

Database specific

{
    "cna_assigner": "adobe",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29287.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "2.4.6"
                },
                {
                    "last_affected": "2.4.5-p2"
                },
                {
                    "last_affected": "2.4.4-p3"
                },
                {
                    "last_affected": "None"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/magento/magento2

Affected ranges

Type

GIT

Repo

https://github.com/magento/magento2

Events

Introduced

Last affected

44a7b6079bcac5ba92040b16f4f74024b4f34d09

Last affected

3c90474cbeac29921594ab97e68ca0502b5827a0

Last affected

8d05e426a54cd4937b22fab079d40dfc431b6dfb

Last affected

ad91bd9eb0a691dc72bb8d794484dbd0b5a2a3f0

Last affected

246d524b7586af2245092008e0d92b8d6fdd8523

Last affected

6729b6e01368248abc33300208eb292c95050203

Last affected

e15fcef0c71b5f25ed3d50f41586d70c45c2cb42

Last affected

445b0f1a3d6a91b5da32d311077c2112ef0b1503

Last affected

a2eb7e29ea92a8bbc86c3b6b81b59d8533088497

Last affected

33242e4b19cf207d7b73f7791ef894b48bb41f8a

Last affected

1bd5cb8c065e44779526c0b044ce19b884707695

Last affected

2c2b2745151ecf2872f006c109d355f7a01ba9db

Last affected

4c36116dcf878e127059d9be9566a119783583f2

Last affected

8afdb9858d238392ecb5dbfe556068ec1af137bc

Last affected

1dd4ee8c3ab26dbb762fbaf9893c1f75148bb35b

Last affected

0f9a056c8d83c4f319626b3e56ec52a533999f25

Last affected

5548bc64b5bc904346c0af9193a7fbb5274b4efa

Last affected

ef922155dbe6321862b3811e2472f2790489e685

Last affected

e18651b120784046b22e146ca1ab5d79493ed8a4

Last affected

1df4565907d40f14ee1c753cc2de2ce567bfa8d7

Last affected

11846a1a10539470f2fe1522030ff42d62daa562

Last affected

3e26248d2ccb4b52d75e6188bb1fc93dd691c254

Last affected

d846142a3ab8b49597dfb8bd7508d875efdab19a

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.7-NA"
        },
        {
            "last_affected": "2.3.7-p1"
        },
        {
            "last_affected": "2.3.7-p2"
        },
        {
            "last_affected": "2.3.7-p3"
        },
        {
            "last_affected": "2.3.7-p4"
        },
        {
            "last_affected": "2.4.0-NA"
        },
        {
            "last_affected": "2.4.0-ext\\-1"
        },
        {
            "last_affected": "2.4.1-NA"
        },
        {
            "last_affected": "2.4.1-ext\\-1"
        },
        {
            "last_affected": "2.4.2-NA"
        },
        {
            "last_affected": "2.4.2-ext\\-1"
        },
        {
            "last_affected": "2.4.2-ext\\-2"
        },
        {
            "last_affected": "2.4.3-NA"
        },
        {
            "last_affected": "2.4.3-ext\\-1"
        },
        {
            "last_affected": "2.4.3-ext\\-2"
        },
        {
            "last_affected": "2.4.4-NA"
        },
        {
            "last_affected": "2.4.4-p1"
        },
        {
            "last_affected": "2.4.4-p2"
        },
        {
            "last_affected": "2.4.4-p3"
        },
        {
            "last_affected": "2.4.5-NA"
        },
        {
            "last_affected": "2.4.5-p1"
        },
        {
            "last_affected": "2.4.5-p2"
        },
        {
            "last_affected": "2.4.6-NA"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
        "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*"
    ]
}

Affected versions

0.*

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.42.0-beta1

0.42.0-beta3

0.74.0-beta1

2.*

2.0.0

2.0.0-rc

2.1.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.2.0-RC1.1

2.2.0-RC1.2

2.2.0-RC1.3

2.3.7

2.3.7-p1

2.3.7-p2

2.3.7-p3

2.3.7-p4

2.4.0

2.4.0-p1

2.4.1

2.4.1-p1

2.4.2

2.4.2-p1

2.4.2-p2

2.4.3

2.4.3-p1

2.4.3-p2

2.4.4

2.4.4-p1

2.4.4-p2

2.4.4-p3

2.4.5

2.4.5-p1

2.4.5-p2

2.4.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29287.json"