An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
References
Link | Resource |
---|---|
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 | Vendor Advisory |
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 - Vendor Advisory |
Information
Published : 2019-08-02 22:15
Updated : 2024-11-21 04:48
NVD link : CVE-2019-7890
Mitre link : CVE-2019-7890
CVE.ORG link : CVE-2019-7890
JSON object : View
Products Affected
magento
- magento
CWE
CWE-639
Authorization Bypass Through User-Controlled Key