A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
References
Link | Resource |
---|---|
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 | Vendor Advisory |
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 - Vendor Advisory |
Information
Published : 2019-08-02 22:15
Updated : 2024-11-21 04:48
NVD link : CVE-2019-7855
Mitre link : CVE-2019-7855
CVE.ORG link : CVE-2019-7855
JSON object : View
Products Affected
magento
- magento
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)