CVE-2019-7890

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*

History

21 Nov 2024, 04:48

Type Values Removed Values Added
References () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 - Vendor Advisory () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 - Vendor Advisory

Information

Published : 2019-08-02 22:15

Updated : 2024-11-21 04:48


NVD link : CVE-2019-7890

Mitre link : CVE-2019-7890

CVE.ORG link : CVE-2019-7890


JSON object : View

Products Affected

magento

  • magento
CWE
CWE-639

Authorization Bypass Through User-Controlled Key