CVE-2023-38218

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38218

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38218.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38218

Aliases

GHSA-rpc7-gf58-v3x2

Published

2023-10-13T07:15:40.047Z

Modified

2025-11-15T06:55:36.166251Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

References

https://helpx.adobe.com/security/products/magento/apsb23-50.html

Affected packages

Git / github.com/magento/magento2

Affected ranges

Type: GIT
Repo: https://github.com/magento/magento2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0f9a056c8d83c4f319626b3e56ec52a533999f25

Last affected

11846a1a10539470f2fe1522030ff42d62daa562

Last affected

1bd5cb8c065e44779526c0b044ce19b884707695

Last affected

1dd4ee8c3ab26dbb762fbaf9893c1f75148bb35b

Last affected

1df4565907d40f14ee1c753cc2de2ce567bfa8d7

Last affected

246d524b7586af2245092008e0d92b8d6fdd8523

Last affected

2c2b2745151ecf2872f006c109d355f7a01ba9db

Last affected

33242e4b19cf207d7b73f7791ef894b48bb41f8a

Last affected

37861a4025ef7f18016d3ab149e006da46821784

Last affected

3c90474cbeac29921594ab97e68ca0502b5827a0

Last affected

3e26248d2ccb4b52d75e6188bb1fc93dd691c254

Last affected

445b0f1a3d6a91b5da32d311077c2112ef0b1503

Last affected

44a7b6079bcac5ba92040b16f4f74024b4f34d09

Last affected

4c36116dcf878e127059d9be9566a119783583f2

Last affected

4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62

Last affected

5548bc64b5bc904346c0af9193a7fbb5274b4efa

Last affected

58dfc61e7b545bdeaf3c3a2dac489e8770d85656

Last affected

5f07eba878296a37bd5c3a2baecad48948547594

Last affected

6729b6e01368248abc33300208eb292c95050203

Last affected

727560d82199f6b938d1906e9d923e2dd40b490a

Last affected

8afdb9858d238392ecb5dbfe556068ec1af137bc

Last affected

8d05e426a54cd4937b22fab079d40dfc431b6dfb

Last affected

a2ded45232876973af6e30fe312b76c0de77ebf3

Last affected

a2eb7e29ea92a8bbc86c3b6b81b59d8533088497

Last affected

ad91bd9eb0a691dc72bb8d794484dbd0b5a2a3f0

Last affected

c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c

Last affected

d10435b11ada4e502dca7539f8fd31d059d3c482

Last affected

d6f014854784eccd39d2ecb35c4beeb82d59b309

Last affected

d846142a3ab8b49597dfb8bd7508d875efdab19a

Last affected

e15fcef0c71b5f25ed3d50f41586d70c45c2cb42

Last affected

e18651b120784046b22e146ca1ab5d79493ed8a4

Last affected

ef922155dbe6321862b3811e2472f2790489e685

Affected versions

0.*

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.42.0-beta1

0.42.0-beta10

0.42.0-beta11

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.74.0-beta1

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

1.*

1.0.0-beta

2.*

2.0.0

2.0.0-rc

2.0.0-rc2

2.1.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.2.0-RC1.1

2.2.0-RC1.2

2.2.0-RC1.3

2.2.0-RC1.4

2.2.0-RC1.5

2.2.0-RC1.6

2.2.0-RC1.8

2.2.0-rc2.0

2.2.0-rc2.1

2.2.0-rc2.2

2.2.0-rc2.3

2.2.0-rc3.0

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4