CVE-2020-7964

{"id": "CVE-2020-7964", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-01-24T20:15:11.050", "references": [{"url": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/mirumee/saleor/releases/tag/2.9.1", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mirumee/saleor/releases/tag/2.9.1", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Mirumee Saleor versiones 2.x anteriores a 2.9.1. Un control de acceso incorrecto en las mutaciones de la funci\u00f3n checkoutCustomerAttach, permiten a atacantes adjuntar sus pagos a cualquier ID de usuario y, en consecuencia, filtrar datos del usuario (por ejemplo, nombre, direcci\u00f3n y pedidos anteriores de cualquier otro cliente)."}], "lastModified": "2024-11-21T05:38:06.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mirumee:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F3DA54-64C9-4FBA-B2BF-429748FA0AE8", "versionEndExcluding": "2.9.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}