CVE-2023-26051

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-26051
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 Patch
https://github.com/saleor/saleor/releases/tag/3.1.48 Release Notes
https://github.com/saleor/saleor/releases/tag/3.10.14 Release Notes
https://github.com/saleor/saleor/releases/tag/3.11.12 Release Notes
https://github.com/saleor/saleor/releases/tag/3.7.59 Release Notes
https://github.com/saleor/saleor/releases/tag/3.8.30 Release Notes
https://github.com/saleor/saleor/releases/tag/3.9.27 Release Notes
https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 Vendor Advisory
https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 Patch
https://github.com/saleor/saleor/releases/tag/3.1.48 Release Notes
https://github.com/saleor/saleor/releases/tag/3.10.14 Release Notes
https://github.com/saleor/saleor/releases/tag/3.11.12 Release Notes
https://github.com/saleor/saleor/releases/tag/3.7.59 Release Notes
https://github.com/saleor/saleor/releases/tag/3.8.30 Release Notes
https://github.com/saleor/saleor/releases/tag/3.9.27 Release Notes
https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:50

Type Values Removed Values Added
References () https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 - Patch () https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 - Patch
References () https://github.com/saleor/saleor/releases/tag/3.1.48 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.1.48 - Release Notes
References () https://github.com/saleor/saleor/releases/tag/3.10.14 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.10.14 - Release Notes
References () https://github.com/saleor/saleor/releases/tag/3.11.12 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.11.12 - Release Notes
References () https://github.com/saleor/saleor/releases/tag/3.7.59 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.7.59 - Release Notes
References () https://github.com/saleor/saleor/releases/tag/3.8.30 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.8.30 - Release Notes
References () https://github.com/saleor/saleor/releases/tag/3.9.27 - Release Notes () https://github.com/saleor/saleor/releases/tag/3.9.27 - Release Notes
References () https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 - Vendor Advisory () https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 - Vendor Advisory
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 6.5

07 Nov 2023, 04:09

Type Values Removed Values Added
Summary Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
Information

Published : 2023-03-02 19:15

Updated : 2024-11-21 07:50

NVD link : CVE-2023-26051

Mitre link : CVE-2023-26051

CVE.ORG link : CVE-2023-26051

JSON object : View

Products Affected

saleor

  • saleor
CWE
CWE-209

Generation of Error Message Containing Sensitive Information


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024